I got a direct message the other day on Twitter from someone I follow. It was a warning about a potentially harmful video about me floating around the internet. It seemed out of character for someone I have not previously messaged with to take such a personal interest in my online reputation. Their account had clearly been hacked.
This scam has been around for a while now. Here’s how it works.
The message tells you that someone is spreading lies about you, sharing a video, or otherwise embarrassing you online, and it includes a link. That link takes you to a page that looks very similar to the Twitter login page (it happens on Facebook too; note the web address in the picture). But you aren't logging in to Twitter. You are entering your credentials on a separate website that is waiting to capture them, so that the scammers can start pushing the same link out to your followers too.
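The web address is the one thing the fake page cannot copy. As an added example (not part of the original post), this JavaScript check parses a link the way a browser does and accepts it only if the host really belongs to the service; the allow-list and the sample links are constructed for illustration.

```javascript
// Added example. The allow-list and the sample links below are constructed.
const TRUSTED_HOSTS = {
  twitter: ["twitter.com"],
  facebook: ["facebook.com"],
};

// Decide whether `link` really points at the named service's own domain.
function checkLoginLink(link, service) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch (err) {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // In https://twitter.com@other.example/ the part before "@" is a username;
  // the browser actually connects to other.example.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Non-ASCII lookalike letters are converted to "xn--" labels by the parser.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalized lookalike host" };
  }
  const trusted = TRUSTED_HOSTS[service] || [];
  // Match the whole host or a true subdomain. A substring test would
  // wrongly accept twitter.com.something.example.
  const match = trusted.some((d) => host === d || host.endsWith("." + d));
  if (!match) return { ok: false, reason: `host ${host} is not ${service}` };
  return { ok: true, reason: `host ${host} belongs to ${service}` };
}

// Constructed sample links, in the style of the message described above.
const samples = [
  "https://twitter.com/login",
  "https://twitter.com.account-check.example/login",
  "https://twitter.com@account-check.example/login",
  "http://twitter.com/login",
];
for (const link of samples) {
  const result = checkLoginLink(link, "twitter");
  console.log(result.ok ? "OK  " : "STOP", link, "-", result.reason);
}
```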
What should you do?
The first thing you need to do is change your password. This will revoke their access if they try to log into your account; but the purpose of this scam is not just to gain access to your account so they can spread the link to others: there must be something else they are trying to achieve. The next step is where you are probably doing the most good in protecting yourself. Log into twitter.com, go to Settings/Apps, and scan the list of apps you have allowed to access your account. Revoke any rogue apps.
It would probably help to send out a few reminder tweets to let people know you have been hacked. Spread this post around and save your followers the embarrassment of being had by the spammers.