Recovering from Twitter Phishing

If your Twitter account has been hijacked because you clicked a phishing link and typed your password into the fake login page behind it, here's how to get it cleaned up.  Leave it alone and the account keeps sending the same lure to everyone who follows you, and you may find yourself on block and spam lists you don't want to be on.

Edited to add: Also, periodically check your sent tweets and sent DMs to see what your account has been doing without you!  (Hat tip to @cspenn.)

Step 1: Stop clicking the links that get you hacked in the first place.  Even if you know the sender, read the message that comes with the link: these DMs are sent from accounts that have already been hijacked, so a familiar name proves nothing.  If it sounds suspicious or out of character for that person, it probably is.

Step 2: No seriously. Stop.

Step 3: If you are still logged into your account, log out.

Step 4: Clear your browser's cache and cookies and close it completely, so no stale Twitter session survives in the browser.  (If you have numerous tabs open and don't want to lose them?  Save them as a group in a bookmark folder first.)

Step 5: Re-open your browser, type twitter.com into the address bar yourself (don't follow a link to get there) and change your password.  No, don't use the same password, and don't reuse one from another site: whatever you typed into the phishing page is now in the attacker's hands.

Step 6: Go to Settings -> Connections.  Revoke access for any OAuth application that looks suspicious or that you aren't actually using.  Remember, these hacks almost always require you either to log in on the attacker's page or to grant them permission via OAuth, so make sure you trust the companies/people you grant permissions to.  Changing your password does not cancel an OAuth grant; an application you authorized keeps its access until you revoke it here, so do this step even though you have already done Step 5.

[Screenshot: revoking an application's OAuth access under Settings -> Connections]

Step 7: Report the hack to Twitter, then delete any tweets and DMs the attacker sent from your account so nobody else follows the link from them.

Step 8: Post to your blog (i.e. somewhere other than Twitter, since until the account is clean your followers can't tell which of your messages are really yours) to let people/friends/followers know that you've been hacked, not to click on links that seem suspicious, and when your account has been secured.
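The "check your sent tweets" note above and Step 7 both come down to spotting what your account did without you.  Here is an added example, written for this page rather than taken from the original post, of how you could automate that check in Python over an export of your sent DMs.  The message format (sent_at, to, text), the one-hour window, the three-recipient threshold and the two shortener domains in the regex are assumptions for the example, and the sample DMs are constructed.  It flags any link-bearing message whose text went to several different people within a short window, which is what a hijacked account looks like and what a person almost never does.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed for this example (not from the post): full URLs plus two common
# shorteners count as "a link"; extend the list to whatever your feed uses.
URL_RE = re.compile(r"https?://\S+|\b(?:bit\.ly|tinyurl\.com)/\S+", re.IGNORECASE)


def normalize(text):
    """Lowercase, collapse whitespace and replace every link with <link>, so
    copies of one lure that differ only in the tracking link compare equal."""
    return URL_RE.sub("<link>", " ".join(text.lower().split()))


def find_suspicious_bursts(messages, min_recipients=3, window=timedelta(hours=1)):
    """Flag link-bearing messages whose text went to at least `min_recipients`
    distinct people within `window`.  A hijacked account mass-DMs one lure to
    its follower list; a human rarely sends the same link to many friends in
    an hour.  `messages` are dicts with sent_at (datetime), to (handle), text."""
    by_text = defaultdict(list)
    for m in messages:
        norm = normalize(m["text"])
        if "<link>" in norm:                 # only messages carrying a link are lures
            by_text[norm].append(m)

    flagged = []
    for norm, group in by_text.items():
        group = sorted(group, key=lambda m: m["sent_at"])
        start = 0
        tripped = False
        for end in range(len(group)):        # sliding window over send times
            while group[end]["sent_at"] - group[start]["sent_at"] > window:
                start += 1
            if len({m["to"] for m in group[start:end + 1]}) >= min_recipients:
                tripped = True
                break
        if tripped:
            flagged.append({
                "text": norm,
                "recipients": sorted({m["to"] for m in group}),
                "first": group[0]["sent_at"],
                "last": group[-1]["sent_at"],
            })
    return flagged


# Constructed sample of one account's sent DMs (not real data): two ordinary
# messages, then the same lure to four people within two minutes at 3 a.m.
SAMPLE_SENT_DMS = [
    {"sent_at": datetime(2009, 11, 2, 9, 0),  "to": "alice", "text": "lunch tomorrow?"},
    {"sent_at": datetime(2009, 11, 2, 14, 0), "to": "bob",   "text": "here's that draft http://docs.example/draft.pdf"},
    {"sent_at": datetime(2009, 11, 3, 3, 12), "to": "alice", "text": "lol is this you?? http://short.example/k1"},
    {"sent_at": datetime(2009, 11, 3, 3, 12), "to": "bob",   "text": "lol is this you?? http://short.example/k2"},
    {"sent_at": datetime(2009, 11, 3, 3, 13), "to": "carol", "text": "LOL is this you??  http://short.example/k3"},
    {"sent_at": datetime(2009, 11, 3, 3, 14), "to": "dave",  "text": "lol is this you?? http://short.example/k4"},
]

if __name__ == "__main__":
    for hit in find_suspicious_bursts(SAMPLE_SENT_DMS):
        print(f"{hit['first']:%Y-%m-%d %H:%M} to {hit['last']:%H:%M}: "
              f"{hit['text']!r} sent to {', '.join(hit['recipients'])}")
```

Run as a script it reports the one burst in the sample and leaves the single draft link to one person alone.  Tune min_recipients and window to your own habits, and treat a hit as your cue to go straight to Step 3.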

If you need help with the clean up or want more advice on how to prevent your account from being hacked, you can contact me.  I consult on a number of different topics including social media, manage WordPress maintenance, and help clients manage their time effectively.


  • Anonymous

    If you first highlight the URL, then use the keyboard shortcut for “Show and autofill” (mine is set to ^⌥Space), things will automatically populate the URL into the notes for you. This saves the extra step of copying/pasting the URL into the notes.

  • Pingback: uberVU - social comments

  • http://www.cc-chapman.com cc_chapman

    Great information. The only thing I think you left out was Step 9 – Again, stop clicking on links that you don't know what they are *grin*

  • http://chelpixie.com chelpixie

    Ha! I thought step 2 was pretty blunt though ;)

  • Pingback: Bookmarks for October 29th 2009 through November 2nd 2009

  • BmoreKarl

    Thank you. I just subscribed. Hope you do well.
    BMoreKarl

  • cafedave

    A great, accessible summary of what to do – thanks!

  • http://www.anjibee.com anjibee

    i was kind of afraid to click the link from your twitter, suspecting that the phishers were so clever now that they were trying to trick folks by pretending to help them out with anti-phishing advice. lol!

    i had to change my password to get rid of a stupid daily astrology forecast app awhile back. i didn't know about that revoke access option. i'm gonna go check mine out immediately. thanks, for the info, sweetie!

  • http://www.facebook.com/allenmireles Allen Mireles

    Hey Chel,

    Excellent post and timely it would seem–the DMs w/ funky messages are piling up. I'll share this with the poor benighted “phishees” and anyone else who will listen!

    Warmly,

    (your Twittermate) Allen

  • http://chelpixie.com chelpixie

    Thanks for subscribing!

  • http://chelpixie.com chelpixie

    Happy to be helpful!

  • http://chelpixie.com chelpixie

    Ha! I see your point. Happily I can report that I haven't clicked a bad link yet ;)

    Glad I helped and happy to see your face :)

  • http://chelpixie.com chelpixie

    Hey Allen!

    Thanks for sharing it around. Happy it might help someone out when they need it :)

  • Pingback: Recovering from Twitter Phishing — cafedave.net

  • Pingback: Recovering from Twitter Phishing -

  • QuantumGood

    http://status.twitter.com/post/212318608/resear…
    You can be “locked out after trying to reset your password”
    Twitter “encourages you not to make changes to your email address, password, or user name during this time.”

  • http://chelpixie.com chelpixie

    Quantum,

    As there is zero mention of the phishing scheme in that post I'd say it's unrelated.

    I had some problems during the time they were having issues with this that kept locking me out of my account even without making the changes listed. They have since resolved that problem for me. I'm not sure if that's a Twitter-wide resolution.

    As always, take these steps if you're comfortable with them. If you aren't, then don't. At the very least contact Twitter to alert them you've been hacked.

    I'd follow the steps above to prevent the DMs from spreading to other users which creates a bigger problem.

    -Chel

  • http://www.kherize5.com Suzanne Vara

    Great information as people have been warned and when they end up on lists that they do not want to be on there is no crying.

    I cannot believe that people click links even from people that they know that seem out of character or suspicious.

    Thanks for the reminder and info.

  • Pingback: Stop the Twitter Hack Attacks | Professional Blog Service

  • Pingback: Marketing Over Coffee Marketing Podcast » Stay On Target

  • http://danieljohnsonjr.com danieljohnsonjr

    In Tweetdeck, when you click on bit.ly links, it will preview the link so you can see what it's shortened from, before proceeding. I'm not sure if that's a default setting or one I changed to make it so. In fact, adding the plus sign (+) after any bit.ly link takes you to the Info page.

  • Pingback: Jackie Miao » Alert: Mafia Family Twitter Phishing Scam

  • http://chelpixie.com chelpixie

    Yep, as long as you're signed into bit.ly via Tweetdeck it'll put that option in place for you. I'm not sure if you need to remain signed into bit.ly as well in your browser.

  • ejswensson

    I may not have been hacked but only received some of these DMs. How do you know? I noticed them 2-3 days ago, never clicked on them, do not get repeats.

  • http://chelpixie.com chelpixie

    Check your sent DMs regularly. If you see something that you didn't send and it reads spammy then you've probably been hacked.

    And don't click on them and you should be fine ;)

  • Pingback: This Week in Twitter for 11/13/2009 « Church Mojo

  • Pingback: How to Avoid Twitter Phishing Scams | Blogging Bistro

  • http://WebSavvyPR.com CathyWebSavvyPR

    Great tips – thanks to @ChrisPenn for RTing the link to this. I saw this post before, and thought I had bookmarked it, but couldn't find it. The only thing I would do differently is send the tweet 1st that says yr account has been hacked, then go do all of the rest of the items on the list! The other thing I would do is to retweet this post out, so that if anyone in your twitter stream did get hacked, they can get themselves out of it.

  • michaelkennerley

    Oh, how I wish I had seen this about a week earlier. Hundreds of messages about some IQ Quiz were sent out over my name and I didn't know how to stop them. I tweeted for help and some kind soul suggested I change my password. I did that but was locked out of my account and couldn't reach anyone for help. I then opened a new Twitter account with a new name, managed to access my old account and one by one followed my previous list. It took a lot of time and the whole experience has been a nightmare.
    Had I known what to do I could have saved a lot of time and angst.
    Your advice is well taken. Thank you!

  • prowse

    That darned Imogeen Heap, I just knew she was up to no good!

  • Pingback: How I Propose Tweeters Uncover Black Hat Direct Message Hackers :: Web Design, Web Development, Web Traffic and SEO

  • Pingback: Mr. Tweet: Your Personal Networking Assistant!

  • Pingback: Top 10 Posts of 2009 -

  • http://www.theskinsociety.com/ Mike

    Great info Thanks

  • JeffBarden

    Thanks for this post. One question. How can my account be hacked without me clicking on a bad link?

  • http://chelpixie.com/ Chel Wolverton

    Jeff, could be the OAuth permissions you’ve got on your Twitter account, check them out in your settings page and disable anything that you don’t 100% trust.

  • http://www.facebook.com/DianeRayfield.ISMA Diane Rayfield

    Great advice. It seems the DMs on Twitter are usually suspect when these things happen so I stay away from opening those links altogether unless it’s from a trusted source.

  • http://copylicious.com/blog Kelly Parkinson

    I just did the same thing! I clicked over from your bio. I've never been hacked but knock knock. Now I know what to do should one day my guard be down and there really IS an embarrassing picture of me out there. Thanks!

  • http://debmallett.com/ Deb

    Hi Michelle. Very helpful post. I haven’t got any phishing DMs and don’t have any OAuth permissions (checked that a couple of months ago). But saw your tweet and decided to check things out anyway. Now I can’t find Connections anywhere under Settings. I wonder if Twitter has changed since your original post in November. Or if it just doesn’t show up now when there are no OAuth permissions. Or maybe it’s just me! :)

  • http://twitter.com/compergrapevine Jane Willis

    Thanks very much for this, a lot more people seem to be affected today and I’ve passed the link on to them

  • Wendy

    Yep. Got hacked. Fixed it based on your article. Feel stupid. Question: how do you ALWAYS know what link will get you hacked?

  • Pingback: Your Friends Don’t Mean to Send You Spam

  • Pingback: Twitternytta 2:2010 | The Brand-Man

  • Pingback: Smurftips — Doktor Spinn

  • http://chelpixie.com/ Chel Wolverton

    Don’t feel stupid! Many people fall for it. I’d just be cautious regarding any links you click. Download Tweetdeck and activate the “preview URL” feature which will tell you what site you’re visiting before it goes through. Especially be cautious if you don’t typically DM with the person that’s sent the link, even if you trust them. You can always ask them to confirm that they sent it before you open it.

    Also, when you visit a link that asks you to log into Twitter, make sure it’s twitter.com in the address bar before you log in.
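The advice in this reply, check that the address bar really says twitter.com before you log in, is easy to state and easy to get wrong when the attacker puts "twitter.com" somewhere else in the address.  As an added example (mine, not from the original post), here is a Python check that decides trust from the host alone and separately names the common disguises: "twitter.com" as the username part before an @, as a path segment, as extra labels in front of the real domain, or a one-letter typo of the brand.  The three labels, the edit-distance cut-off of one, and the URLs in the comments are assumptions for the example.

```python
from urllib.parse import urlsplit

# The only host whose login form should ever receive your Twitter password.
TRUSTED_HOST = "twitter.com"


def _edit_distance(a, b):
    """Levenshtein distance, used to catch typosquats such as twiter.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_login_url(url, trusted=TRUSTED_HOST):
    """Return "trusted", "lookalike" or "untrusted" for a link asking you to log in.

    Only the host decides trust.  urlsplit().hostname already lowercases it and
    strips the port and any user:pass@ prefix, which is exactly what a phishing
    link abuses to get "twitter.com" into the address bar without being it.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "untrusted"
    host = (parts.hostname or "").rstrip(".")   # "twitter.com." is the same host
    if parts.scheme not in ("http", "https") or not host:
        return "untrusted"                       # javascript:, data:, no host at all
    if host == trusted or host.endswith("." + trusted):
        return "trusted"                         # twitter.com, www.twitter.com

    # From here on the host is NOT twitter.com; is it trying to look like it?
    brand = trusted.split(".")[0]                # "twitter"
    if brand in host.replace("-", "").replace("_", ""):
        return "lookalike"                       # twitter.com.evil.example, twitter-login.example
    if trusted in parts.netloc or trusted in parts.path:
        return "lookalike"                       # twitter.com@evil.example, evil.example/twitter.com/
    labels = host.split(".")
    registrable = labels[-2] if len(labels) > 1 else labels[0]   # crude eTLD+1 label
    if _edit_distance(registrable, brand) <= 1:
        return "lookalike"                       # twiter.com, twittter.com
    return "untrusted"


if __name__ == "__main__":
    # Made-up URLs for the example; none of these hosts is real.
    for u in ("https://twitter.com/login", "http://twitter.com.evil.example/login",
              "https://twitter.com@evil.example/", "https://evil.example/twitter.com/login",
              "https://twiter.com/login", "https://example.org/"):
        print(f"{classify_login_url(u):10} {u}")
```

Only "trusted" means the password may go in; "lookalike" is the case this whole post is about, and "untrusted" simply means it is somebody else's site.  The same idea applies to the preview that Tweetdeck or bit.ly shows you: read the host, not just whether the word twitter appears.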

  • http://chelpixie.com/ Chel Wolverton

    Thanks, Jane, for sharing the link! I hope it’s helpful.

  • http://chelpixie.com/ Chel Wolverton

    It could be you don’t have any connections? If you know you have some OAuth privileges then I’d suggest contacting Twitter support to let them know it’s not showing up for you.

  • http://chelpixie.com/ chelpixie

    Hee. You could always ask the friend if the embarrassing photo link he or she sent is real before you click.

  • http://chelpixie.com/ chelpixie

    Sorry to hear you were hacked so badly! Hopefully this will serve you if it happens again in the future!

  • http://chelpixie.com/ chelpixie

    Chris is super awesome about spreading the word!

    My reasoning for sending users through the process of changing passwords first is to stop the damage and spread of the DMs by cutting off access to their account. If folks catch it quickly enough it'll be easier to contain.

    Please feel free to share the post. I'm happy that it's helping so many people in the community recover from being hacked.

  • dylangirl99

    I have been hacked, people tell me. Apparently someone used my twitter name and sent disgusting tweets to people on my acct.. I am so upset. First I changed my password. But I'll go back and see what else I can do. If I'm not sure it's over I might contact you!!! Kim (on twitter) gave me your name. Thanks and I'll be in touch. What do we have but our communication on twitter - so embarrassed the men received things I would not dream of saying (some were too polite to ask if I wrote those! - eeeks) (dylangirl99)

  • Pingback: Hackat Twitterkonto? | Webb & Kommunikation av Gustav Kullander

  • http://chelpixie.com/ chelpixie

    Feel free to contact me if you need help.


  • dylangirl99

    Thank goodness you have this info. When “it” happens you can't find info quick enough! Friends thought I was sending lewd + gross DMs! How embarrassing! Men were shy to come out + say it + finally a female friend just came out with it! I almost passed out! Integrity is everything so I wrote 2 Kim + she had me reach you - thanks so much!!! Of course I never really heard what they said (as me); I was told I would not want to know! But assume they all know I would never talk that way. I followed all your steps however - I will not hesitate to reach out for your expertise. Thanks so much again.


  • http://twitter.com/shoutbrigade Shout Brigade

    Thanks for this post — so many of my friends have fallen victim to these scams recently — it has saved me loads of time being able to just forward this on to them. Thanks again – all the best!! – Cary Scott