Wednesday, January 18, 2012

How To Handle A Compromised Twitter Account

You seen what this person is saying about you? ... terrible things..

Hey, theres someone making nasty blogs about you, check them out...

Are you aware of the bad things someone is saying about you? this is what they are saying ... real nasty things...

We've all seen these bogus messages on Twitter.

In case you haven't seen them or aren't aware, THESE MESSAGES ARE BOGUS.

These messages are sent by spammers, scammers, losers, and dipsh*ts trying to tempt/entice/coerce you into clicking the link. Clicking the link takes you to a page which tries to sell you an iPad half the time. (The aforementioned spammers, scammers, losers, and dipsh*ts get paid per click, and their automated software has found you.)

But it could also be much more insidious, i.e., DANGEROUS to your computer.

I have a close friend who makes his living doing computer repair and setting up networks for small businesses. He is constantly texting me and emailing me, warning that there are new viruses and exploits hitting the Internet.

Clicking on these bogus links and going to an outside page can possibly lead to such an exploit. Exploits can be so insidious that simply mousing over a dialogue box can activate it. Clicking the little X to close a dialogue box can activate it.

So make sure you have anti-virus software installed, running, and updated. (My friend likes AVG, simply because, of all the sick computers he sees, and of all the anti-virus software available, in his experience AVG seems to catch more bugs than the other brands.)

So, getting back to Twitter and the bogus messages: what to do about them?

I went to Twitter's help page and read that they suggest three steps for a compromised account:

1. Change your password
2. Revoke connections
3. Update your new password in your trusted third-party applications

They also address the issue specifically:

"Be wary of weird links in DMs: Be cautious when clicking on odd links in DMs. Even if the link came from a friend, it's possible that their account was compromised and the URL was actually sent out by a spammer."

"Phishing websites will often look just like Twitter's login page, but will actually be a website that is not Twitter. Here are some examples of URLs that are NOT Twitter pages:

And here's more:

"Evaluating Links on Twitter
Lots of links are shared on Twitter, and many are posted with URL shorteners. URL shorteners, like or TinyURL, create unique, shortened links that redirect to your longer link so it can be more easily shared. URL shorteners can also obscure the end domain, making it difficult to tell where the link goes to.

Some browsers have free plug-ins that will show you the extended URLs without you having to click on them. Here are links to plug-ins for Internet Explorer and Firefox (which is a free-to-download browser):

In general, please use caution when clicking on links. If you click on a link and find yourself unexpectedly on a page that resembles the Twitter login page, don't give up your username and password! Just type in into your browser bar and log in directly from the Twitter homepage."
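
The quoted advice comes down to reading the real host of a link before trusting it. As an added example (not from the original post or from Twitter's help page), this Python sketch classifies links by host; the trusted domain, the shortener list, the 0.8 similarity threshold and the sample URLs are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumptions for this sketch: the one domain treated as genuine, and a
# shortener list holding only the service the quoted text names.
TRUSTED_DOMAIN = "twitter.com"
BRAND = "twitter"
SHORTENER_HOSTS = {"tinyurl.com"}


def classify_link(url: str) -> str:
    """Classify a link as 'trusted', 'shortener', 'lookalike' or 'other'."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "other"
    # Only the real host counts: exact match or a true subdomain.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    if host in SHORTENER_HOSTS:
        return "shortener"  # destination is hidden; expand before trusting
    # The brand appearing anywhere in the authority (including the part
    # before '@') on an untrusted host is the classic disguise.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    # Heuristic: a label that is nearly, but not exactly, the brand name.
    for label in host.split("."):
        if SequenceMatcher(None, label, BRAND).ratio() >= 0.8:
            return "lookalike"
    return "other"


# Constructed sample links (reserved .example names, no real sites).
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/session",
    "http://twitter.com.account-verify.example/login",
    "http://twitter.com@login.example/",
    "http://twltter.example/login",
    "http://tinyurl.com/abc123",
    "https://news.example/story",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A "shortener" result says nothing about the destination; the link still has to be expanded and the final host checked the same way.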

And finally we have an answer to the problem as suggested by the Twitter folks; THIS is the reason I wrote this blog; THIS is the dilemma I've been faced with:

"Assist any Compromised Friends and Followers

If you get a weird link from a follower that you think is a phishing site or a spam site, reach out and suggest they change their password right away. You can also send them to the help page for compromised accounts so they can get more information."

I get A LOT of these dubious messages/links, goading me into exploring the nonexistent photos of myself or the equally nonexistent gossip.

Perhaps we all need to agree on a universal code phrase which we can send to the compromised person's account via a DM (direct message). Something quick, because I don't have time to sit around all day dealing with this. I know you don't, either. But if my account becomes compromised, I would like to know about it.

Any suggestions?


  1. Great post Ryan - Hope I never need it after the fact.

  2. Thanks for taking the time to share such useful info.

  3. Thanks for this - I have had several of these and have clicked the links in ignorance, but not opened the pages as my Mac has flagged them as untrustworthy. I just hope that the Apple claim to be virus-immune is true.

  4. Thank you so much for doing this post! Why can't these people get a normal life?