Recovering from Twitter Phishing

- November 2, 2009 - by Chel Wolverton, in blog, Featured Articles, Twitter, with 57 comments -

If you have gotten your Twitter account hacked because you’ve clicked on a phishing scam link, here’s how to get it cleaned up. Otherwise you might find yourself on lists you don’t want to be on.

Edited to add: Also, periodically check your sent tweets to see what your account has been doing without you! (Hat tip to @cspenn.)

Step 1: Stop clicking the links that get you hacked in the first place. Even if you know the person, consider the message that’s accompanying the link. If it sounds suspicious it probably is.

Step 2: No seriously. Stop.

Step 3: If you are still logged into your account, log out.

Step 4: Clear your browser cache and close out of it completely. (If you have numerous tabs open and don’t want to lose them? Save them as a group in a folder.)

Step 5: Re-open your browser, go to Twitter and change your password. No, don’t use the same password.

Step 6: Go to settings -> connections. Revoke access to any OAuth permissions that are suspicious or that you aren’t actually using. Remember these hacks almost always require you to login or give them permission via OAuth, make sure you trust the companies/people you grant permissions.

Step 7: Report the hack to Twitter then delete any tweets from unauthorized access. Prevent others from following the link from your hacked tweet.

Step 8: Post to your blog (i.e. somewhere other than Twitter) to let people/friends/followers know that you’ve been hacked, not to click on links that seems suspicious and when your account has been secured.

If you need help with the clean up or want more advice on how to prevent your account from being hacked you can contact me. I consult on a number of different topics including social meda, manage WordPress maintenance, and help clients manage their time effectively.

Find this post helpful? Please subscribe to our RSS feed!

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

Tags: OAuth phishing Twitter Twitter phishing

Shout Brigade

Thanks for this post -- so many of my friends have fallen victim to these scams recently -- it has saved me loads of time being able to just forward this on to them. Thanks again - all the best!! - Cary Scott

share flag

spam
offensive
disagree
off topic

dylangirl99

Thank goodness you have this info. When "it" happens you can't find info quick enough! Friends thought I was sending lewd+gross DMs!How embarrasing! Men were shy to come out +say it +finally a female friend just came out with it! I almost passed out! Integrity is everything so I wrote 2 Kim+ she had me reach you-thanks so much!!! Of course I never really heard what they said (as me)I was told I would not want to know! But assume they all know I would never talk that way.I followed all your steps however-I will not hesitate to reach out for your expertise.Thanks so much again.

chelpixie

Feel free to contact me if you need help.

I have been hacked people tell me. Apparently someone used my twitter name and sent disgusting tweets to people on my act..I am so upset. First I changed my password. But I'll go back and see what else I can do. If I'm not sure it's over I might contact you!!! Kim (on twitter) gave me your name.Thanks and I'll be in touch.What do we have but our communication on twitter-so embarresed the men recieved things I would not dream of saying(some were to polite to ask if I wrote those!-eeeks)(dylangirl99)

Chris is super awesome about spreading the word!My reasoning for sending users through the process of changing passwords first is to stop the damage and spread of the DMs by cutting off access to their account. If folks catch it quickly enough it'll be easier to contain.Please feel free to share the post. I'm happy that it's helping so many people in the community recover from being hacked.

Sorry to hear you were hacked so badly! Hopefully this will serve you if it happens again in the future!

Hee. You could always ask the friend if the embarrassing photo link he or she sent is real before you click.

Wendy

Yep. Got hacked. Fixed it based on your article. Feel stupid. Question: how do you ALWAYS know what link will get you hacked?

Chel Wolverton

Don't feel stupid! Many people fall for it. I'd just be cautious regarding any links you click. Download Tweetdeck and activate the "preview URL" feature which will tell you what site you're visiting before it goes through. Especially be cautious if you don't typically DM with the person that's sent the link, even if you trust them. You can always ask them to confirm that they sent it before you open it.nnAlso, when you visit a link that asks you to log into Twitter, make sure it's twitter.com in the address bar before you login.

Jane Willis

Thanks very much for this, a lot more people seem to be affected today and I've passed the link on to them

Thanks, Jane, for sharing the link! I hope it's helpful.

Deb

Hi Michelle. Very helpful post. I haven't got any phishing DMs and don't have any OAuth permissions (checked that a couple of months ago). But saw your tweet and decided to check things out anyway. Now I can't find Connections anywhere under Settings. I wonder if Twitter has changed since your original post in November. Or if it just doesn't show up now when there are no OAuth permissions. Or maybe it's just me! :)

It could be you don't have any connections? If you know you have some OAuth privileges then I'd suggest contacting Twitter support to let them know it's not showing up for you.

Kelly Parkinson

I just did the same thing! I clicked over from your bio. I've never been hacked but knock knock. Now I know what to do should one day my guard be down and there really IS an embarrassing picture of me out there. Thanks!

Diane Rayfield

Great advise. It seems the DMs on Twitter are usually suspect when these things happen so I stay away from opening those links altogether unless it's from a trusted source.

JeffBarden

Thanks for this post. One question. How can my account be hacked without me clicking on a bad link?

Jeff, could be the OAuth permissions you've got on your Twitter account, check them out in your settings page and disable anything that you don't 100% trust.

Mike

Great info Thanks

prowse

That darned Imogeen Heap, I just new she was up to no good!

michaelkennerley

Oh, How I wish I had seen this about a week earlier. Hundreds of messages about some IQ Quiz were sent out over my name and I didn't know how to stop them. I tweeted for help and some kind soul suggested I change my password. I did that but was locked out of my account and couldn't reach anyone for help. I then opened a new Twitter account with a new name managed to access my old account and one by one followed my previous list. It took a lot of time and the whole experience has been a nightmare. Had I known what to do I could have saved a lot of time and angst.Your advice is well taken. Thank you!

CathyWebSavvyPR

Great tips - thanks to @ChrisPenn for RTing the link to this. I saw this post before, and thought I had bookmarked it, but couldn't' find it. The only thing I would do differently is send the tweet 1st that says yr account has been hacked, then go do all of the rest of the items on the list! The other thing I would do it to reteweet this post out, is that if anyone in your twitter stream did get hacked, they can get themselves out of it.

Check your sent DM regularly. If you see something that you didn't send and it reads spamy then you've probably been hacked.And don't click on them and you should be fine ;)

ejswensson

I may not have been hacked but only received some of these DM's. How do you know? I noticed them 2-3 days ago, never clicked on them, do not get repeats.

Yep, as long as your signed into bit.ly via Tweetdeck it'll put that option in place for you. I'm not sure if you need to remain signed into bit.ly as well in your browser.

danieljohnsonjr

In Tweetdeck, when you click on bit.ly links, it will preview the link so you can see what it's shortened from, before proceeding. I'm not sure if that's a default setting or one I changed to make so. In fact, adding the plus sign (+) after any bit.ly link takes you to the Info page.

Suzanne Vara

Great information as people have been warned and when they end up on lists that they do not want to be on there is no crying. I cannot believe that people click links even from people that they know that seem out of character or suspicious. Thanks for the reminder and info.

Quantum, As there is zero mention of the phishing scheme in that post I'd say it's unrelated.I had some problems during this the time they were having issues with this that kept locking me out of my account even without the changes listed. They have since resolved that problem for me. I'm not sure if that's Twitter wide resolution.As always, take these steps if you're comfortable with them. If you aren't, then don't. At the very least contact Twitter to alert them you've been hacked.I'd follow the steps above to prevent the DMs from spreading to other users which creates a bigger problem.-Chel

QuantumGood

http://status.twitter.com/post/212318608/resear...You can be "locked out after trying to reset your password"Twitter "encourages you not to make changes to your email address, password, or user name during this time."

Hey Allen!Thanks for sharing it around. Happy it might help someone out when they need it :)

Ha! I see your point. Happily I can report that I haven't clicked a bad link yet ;)Glad I helped and happy to see your face :)

Happy to be helpful!

Thanks for subscribing!

Allen Mireles

Hey Chel,Excellent post and timely it would seem--the DM's w/ funky messages are piling up. I'll share this with the poor benighted "phishees" and anyone else who will listen!Warmly,(your Twittermate) Allen

anjibee

i was kind of afraid to click the link from your twitter, suspecting that the phisher as so clever now that they were trying to trick folks by pretending to help them out with anti-phising advice. lol!i had to change my password to get rid of a stupid daily astrology forecast app awhile back. i didn't know about that revoke access option. i'm gonna go check mine out immediately. thanks, for the info, sweetie!

cafedave

A great, accessible summary of what to do - thanks!

BmoreKarl

Thank you. I just subscribed. Hope you do well.BMoreKarl

Ha! I thought step 2 was pretty blunt though ;)

cc_chapman

Great information. the only thing I think you left out was Step 9 - Again, stop clicking on links that you don't know what they are *grin*

uberVU - social comments says:

November 2, 2009 at 2:13 pm

Social comments and analytics for this post…

This post was mentioned on Twitter by cspenn: @stacykatz http://bit.ly/2cpTyh…

Bookmarks for October 29th 2009 through November 2nd 2009 says:

November 2, 2009 at 3:03 pm

[...] Recovering from Twitter Phishing – Nice little how-to. via @chelpixie on Twitter. [...]

Recovering from Twitter Phishing — cafedave.net says:

November 2, 2009 at 4:55 pm

[...] [ chris brogan ] If you’ve been seeing tweets from people with suspicious links in them, or worse, if you’ve been sending those tweets without realising it, you’ll want to follow these steps: Recovering from Twitter Phishing. [...]

Recovering from Twitter Phishing - says:

November 2, 2009 at 6:04 pm

[...] Read More Here… Share and Enjoy: [...]

Stop the Twitter Hack Attacks | Professional Blog Service says:

November 2, 2009 at 8:46 pm

[...] Michelle Wolverton at ChellePixie wrote a great post about how to recover from these Twitter phishing attacks. [...]

Marketing Over Coffee Marketing Podcast » Stay On Target says:

November 4, 2009 at 9:17 pm

[...] 20:59 Ed finds a WordPress Hack on MOC.com – Two security plugins: WordPress Exploit Scanner, WordPress Security Scan, Shel’s 8 Steps to Clean Up after a Twitter Compromise [...]

Jackie Miao » Alert: Mafia Family Twitter Phishing Scam says:

November 5, 2009 at 1:38 pm

[...] you’ve somehow clicked and authorized the app to access your Twitter account, go to this link and follow the instructions to recover from the phishing attack. Thanks! Categories: [...]

This Week in Twitter for 11/13/2009 « Church Mojo says:

November 16, 2009 at 1:25 am

[...] RT @LisaHoffman: “Change public relations to people relations” – @ConversationAge#blogwell Recovering from Twitter Phishing Via @mikepfs Heard from a lot of phishing victims this week. Michelle Wolverton gives tips on what [...]

How to Avoid Twitter Phishing Scams | Blogging Bistro says:

November 23, 2009 at 9:03 am

[...] Recovering from Twitter Phishing [...]

How I Propose Tweeters Uncover Black Hat Direct Message Hackers :: Web Design, Web Development, Web Traffic and SEO says:

November 30, 2009 at 8:54 pm

[...] Recovering from Twitter Phishing (chelpixie.com) [...]

Mr. Tweet: Your Personal Networking Assistant! says:

December 25, 2009 at 5:31 am

[...] the email marketing campaigns of the top online retailers to reveal tre… 1 Likes Recovering from Twitter Phishing – Recover your account from Twitter phishing attacks. 1 Likes The Definitive Guide to [...]

Blog

Recovering from Twitter Phishing

Trackbacks