How to Avoid Twitter phishing scams


Last updated on July 6th, 2015 at 02:36 am

If you receive a DM on Twitter saying “This made me laugh so hard when i saw this about you lol”, it's a phishing scam to get your Twitter login details. Your account will then send that or similar DMs on to your friends. Don't fall for this email hoax and log in to Twitter via the link; it's a fake site.

Why are so many of my Twitter friends caught out by this scam? The scam is most effective against users on mobile devices like smartphones. It's hard to read the misspelled URL that looks like Twitter's.

As this attack matures, the exact phrase used will change. The way to be safe on a mobile device is:

  1. Use the Twitter client for your device or a well-known 3rd party client (like TweetDeck).
  2. Log in on that client only, not in the device's browser.
  3. Don't trust a DM from a contact that does not have context (see below).
  4. If you click on a shortened URL link that takes you to something that looks like Twitter, do not log in; use your dedicated client program instead.
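
The misspelled-URL problem described above, as an added example that is not part of the original post: a small Python check that reads the host a link really points to instead of trusting how it looks. The function names, the two-edit threshold and the sample links are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only site where Twitter credentials belong.
TRUSTED = "twitter.com"
BRAND = "twitter"

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'trusted', 'insecure', 'lookalike' or 'other' for a link's real host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted" if parts.scheme == "https" else "insecure"
    # The brand name anywhere in the authority part (userinfo, subdomain,
    # longer name) of a host that is not Twitter's is a disguise.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    # Misspellings: a host label within two edits of the brand name.
    # Heuristic only; it can also flag innocent near-matches.
    if any(0 < edit_distance(label, BRAND) <= 2 for label in host.split(".")):
        return "lookalike"
    return "other"

# Constructed sample links (reserved .test/.example names, not real sites).
SAMPLES = [
    "https://twitter.com/settings/password",
    "https://twltter.test/login",
    "https://twitter.com.login.example/session",
    "https://twitter.com@login.example/",
    "https://photos.example/lol.jpg",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A shortened link has to be expanded to its final destination before a check like this says anything useful.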

What is context? If you ask a friend to send you a picture and they reply with a URL, that is expected behaviour. If you didn't ask for it and didn't party at the Playboy Mansion with them last night, they don't have a LOL photo of you. Assume they've been compromised and move on.

“Compromised” is very cloak and dagger, but it's also smart. At a time when the bad guys are selling compromised accounts and PCs by the thousands, your login credentials are a commodity worth a fraction of a cent (e.g. 40 EUR per 100,000 email addresses last night). So act like a secret agent and assume the worst; you'll live longer.

The clever social engineering trick that's hard to resist: what if something bad is really being said about us?

Other phrases I've seen so far (I updated this list 6 January 2013):

  • Did you see this pic of you? lol
  • Early TWITTER INVESTORS got FILTHY RICH! How YOU CAN GET RICH with the NEXT TWITTER Growth Story Now
  • FYI this profile on twitter (URL) is spreading nasty blogs around about you
  • damn this person is making updates with retarded things that involve you
  • HAHA omg you have to see this... IM dying from laughing so hard?
  • lol wat r you doing n this video
  • u didn't see them tapping u
  • hey this user is making up cruel things that are about you
  • hey this person is making up cruel things that are about you
  • hey someone is writing shocking posts that are about you
  • Hi this user is posting really bad things about you
  • See who is Stalking your Twitter! (this is the StalkTrak scam)
  • Find out who's stalking your twitter
  • Hello some person is posting very bad rumors about you?
  • LOL... i am laughing so hard at this pic of me my friend found
  • Hello this user is making nasty things about you?
  • did you see this crazy tweet about you?
  • Hey some person is making terrible things about you?
  • Hello somebody is making nasty things about you?
  • Hi someone is posting very bad rumors about you?
  • Someone is saying some real horrible things about you, seen this?
  • Seen this really nasty rumor/blog about you?
  • There is a rumor/blog going around about you might want to read it
  • Rumor has it there is some bad things about you
  • I saw a real bad blog about you, you seen this?
  • Found a funny picture of you!
  • I cannot believe what this person is saying about you! it's pretty nasty stuff
  • You seen what this person is saying about you? terrible things..
  • Hey... you seen this yet? some horrible rumors about you going around online?
  • i cant believe this but there are some real nasty things being said about you here
  • Hey, so some real nasty things are being said about you here i cant believe what was said..

If you want more information on keeping safe online, I also recommend this great ebook Cyber Scams - a visual guide to 25 of the biggest Internet scams.

If you've already been scammed, do the following:

  1. Change your password at https://twitter.com/settings/password
  2. Revoke permission from any unknown applications at https://twitter.com/settings/applications
