Recovering from Twitter Phishing

If you have gotten your Twitter account hacked because you’ve clicked on a phishing scam link, here’s how to get it cleaned up.  Otherwise you might find yourself on lists you don’t want to be on.

Edited to add: Also, periodically check your sent tweets to see what your account has been doing without you!  (Hat tip to @cspenn.)

Step 1: Stop clicking the links that get you hacked in the first place.  Even if you know the person, consider the message that’s accompanying the link.  If it sounds suspicious it probably is.

Step 2: No seriously. Stop.

Step 3: If you are still logged into your account, log out.

Step 4: Clear your browser cache and close out of it completely.  (If you have numerous tabs open and don’t want to lose them, save them as a group in a folder.)

Step 5: Re-open your browser, go to Twitter and change your password.  No, don’t use the same password.

Step 6: Go to Settings -> Connections.  Revoke access for any OAuth permissions that are suspicious or that you aren’t actually using.  Remember, these hacks almost always require you to log in or give them permission via OAuth, so make sure you trust the companies/people you grant permissions to.

Step 7: Report the hack to Twitter, then delete any tweets sent through the unauthorized access.  This prevents others from following the link from your hacked tweet.

Step 8: Post to your blog (i.e. somewhere other than Twitter) to let people/friends/followers know that you’ve been hacked, that they shouldn’t click on links that seem suspicious, and when your account has been secured.

If you need help with the cleanup or want more advice on how to prevent your account from being hacked, you can contact me.  I consult on a number of different topics including social media, manage WordPress maintenance, and help clients manage their time effectively.

39 comments
Shout Brigade

Thanks for this post -- so many of my friends have fallen victim to these scams recently -- it has saved me loads of time being able to just forward this on to them. Thanks again - all the best!! - Cary Scott

dylangirl99

Thank goodness you have this info. When "it" happens you can't find info quick enough! Friends thought I was sending lewd+gross DMs! How embarrassing! Men were shy to come out +say it +finally a female friend just came out with it! I almost passed out! Integrity is everything so I wrote 2 Kim+ she had me reach you-thanks so much!!! Of course I never really heard what they said (as me) I was told I would not want to know! But assume they all know I would never talk that way. I followed all your steps however-I will not hesitate to reach out for your expertise. Thanks so much again.

chelpixie

Feel free to contact me if you need help.

dylangirl99

I have been hacked people tell me. Apparently someone used my twitter name and sent disgusting tweets to people on my act.. I am so upset. First I changed my password. But I'll go back and see what else I can do. If I'm not sure it's over I might contact you!!! Kim (on twitter) gave me your name. Thanks and I'll be in touch. What do we have but our communication on twitter-so embarrassed the men received things I would not dream of saying (some were too polite to ask if I wrote those!-eeeks) (dylangirl99)

chelpixie

Chris is super awesome about spreading the word! My reasoning for sending users through the process of changing passwords first is to stop the damage and spread of the DMs by cutting off access to their account. If folks catch it quickly enough it'll be easier to contain. Please feel free to share the post. I'm happy that it's helping so many people in the community recover from being hacked.

chelpixie

Sorry to hear you were hacked so badly! Hopefully this will serve you if it happens again in the future!

chelpixie

Hee. You could always ask the friend if the embarrassing photo link he or she sent is real before you click.

Wendy

Yep. Got hacked. Fixed it based on your article. Feel stupid. Question: how do you ALWAYS know what link will get you hacked?

Jane Willis

Thanks very much for this, a lot more people seem to be affected today and I've passed the link on to them

Deb

Hi Michelle. Very helpful post. I haven't got any phishing DMs and don't have any OAuth permissions (checked that a couple of months ago). But saw your tweet and decided to check things out anyway. Now I can't find Connections anywhere under Settings. I wonder if Twitter has changed since your original post in November. Or if it just doesn't show up now when there are no OAuth permissions. Or maybe it's just me! :)

Kelly Parkinson

I just did the same thing! I clicked over from your bio. I've never been hacked but knock knock. Now I know what to do should one day my guard be down and there really IS an embarrassing picture of me out there. Thanks!

Diane Rayfield

Great advice. It seems the DMs on Twitter are usually suspect when these things happen so I stay away from opening those links altogether unless it's from a trusted source.

JeffBarden

Thanks for this post. One question. How can my account be hacked without me clicking on a bad link?

Mike

Great info Thanks

prowse

That darned Imogen Heap, I just knew she was up to no good!

michaelkennerley

Oh, how I wish I had seen this about a week earlier. Hundreds of messages about some IQ Quiz were sent out over my name and I didn't know how to stop them. I tweeted for help and some kind soul suggested I change my password. I did that but was locked out of my account and couldn't reach anyone for help. I then opened a new Twitter account with a new name managed to access my old account and one by one followed my previous list. It took a lot of time and the whole experience has been a nightmare. Had I known what to do I could have saved a lot of time and angst. Your advice is well taken. Thank you!

CathyWebSavvyPR

Great tips - thanks to @ChrisPenn for RTing the link to this. I saw this post before, and thought I had bookmarked it, but couldn't find it. The only thing I would do differently is send the tweet 1st that says yr account has been hacked, then go do all of the rest of the items on the list! The other thing I would do is to retweet this post out, so that if anyone in your twitter stream did get hacked, they can get themselves out of it.

chelpixie

Check your sent DMs regularly. If you see something that you didn't send and it reads spammy then you've probably been hacked. And don't click on them and you should be fine ;)

ejswensson

I may not have been hacked but only received some of these DM's. How do you know? I noticed them 2-3 days ago, never clicked on them, do not get repeats.

chelpixie

Yep, as long as you're signed into bit.ly via Tweetdeck it'll put that option in place for you. I'm not sure if you need to remain signed into bit.ly as well in your browser.

danieljohnsonjr

In Tweetdeck, when you click on bit.ly links, it will preview the link so you can see what it's shortened from, before proceeding. I'm not sure if that's a default setting or one I changed to make so. In fact, adding the plus sign (+) after any bit.ly link takes you to the Info page.

Suzanne Vara

Great information as people have been warned and when they end up on lists that they do not want to be on there is no crying. I cannot believe that people click links even from people that they know that seem out of character or suspicious. Thanks for the reminder and info.

chelpixie

Quantum, as there is zero mention of the phishing scheme in that post I'd say it's unrelated. I had some problems during the time they were having issues with this that kept locking me out of my account even without the changes listed. They have since resolved that problem for me. I'm not sure if that's a Twitter-wide resolution. As always, take these steps if you're comfortable with them. If you aren't, then don't. At the very least contact Twitter to alert them you've been hacked. I'd follow the steps above to prevent the DMs from spreading to other users which creates a bigger problem. -Chel

chelpixie

Hey Allen! Thanks for sharing it around. Happy it might help someone out when they need it :)

chelpixie

Ha! I see your point. Happily I can report that I haven't clicked a bad link yet ;) Glad I helped and happy to see your face :)

Allen Mireles

Hey Chel, Excellent post and timely it would seem--the DM's w/ funky messages are piling up. I'll share this with the poor benighted "phishees" and anyone else who will listen! Warmly, (your Twittermate) Allen

anjibee

i was kind of afraid to click the link from your twitter, suspecting that the phishers are so clever now that they were trying to trick folks by pretending to help them out with anti-phishing advice. lol! i had to change my password to get rid of a stupid daily astrology forecast app awhile back. i didn't know about that revoke access option. i'm gonna go check mine out immediately. thanks, for the info, sweetie!

cafedave

A great, accessible summary of what to do - thanks!

BmoreKarl

Thank you. I just subscribed. Hope you do well. BMoreKarl

chelpixie

Ha! I thought step 2 was pretty blunt though ;)

cc_chapman

Great information. the only thing I think you left out was Step 9 - Again, stop clicking on links that you don't know what they are *grin*

Chel Wolverton

Don't feel stupid! Many people fall for it. I'd just be cautious regarding any links you click. Download Tweetdeck and activate the "preview URL" feature which will tell you what site you're visiting before it goes through. Especially be cautious if you don't typically DM with the person that's sent the link, even if you trust them. You can always ask them to confirm that they sent it before you open it.

Also, when you visit a link that asks you to log into Twitter, make sure it's twitter.com in the address bar before you log in.
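
The address-bar check described in the comment above, written out as an added example (not part of the original post or its comments). The `TRUSTED_HOSTS` allow-list, the function names and the sample links are assumptions constructed for illustration.

```javascript
// Added example, not from the original post. TRUSTED_HOSTS is an assumed
// allow-list for illustration; adjust it to the hosts you actually log in on.
const TRUSTED_HOSTS = new Set(["twitter.com", "www.twitter.com", "mobile.twitter.com"]);

// Decide whether a link is safe to type Twitter credentials into.
function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser, the standard browsers implement
  } catch {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  // Strip a trailing dot so "twitter.com." compares equal to "twitter.com".
  const host = url.hostname.replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { ok: false, host, reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // https://twitter.com@other.example/ : text before "@" is userinfo, not the host.
    return { ok: false, host, reason: "userinfo hides the real host" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    // Non-ASCII look-alike letters are converted to punycode by the parser.
    return { ok: false, host, reason: "internationalized host" };
  }
  if (!TRUSTED_HOSTS.has(host)) {
    const reason = host.includes("twitter") ? "lookalike host" : "different site";
    return { ok: false, host, reason };
  }
  return { ok: true, host, reason: "exact trusted host" };
}

// Constructed sample links (not real indicators).
const SAMPLES = [
  "https://twitter.com/login",
  "http://twitter.com/login",
  "https://twitter.com@login.example/session",
  "https://twitter.com.login.example/session",
  "https://tw\u0456tter.com/login", // Cyrillic "і" in place of Latin "i"
  "https://bit.ly/xxxxxx",
];

function triage(urls) {
  return urls.map((u) => ({ url: u, ...checkLoginUrl(u) }));
}

console.table(triage(SAMPLES));
```

Only an exact match on the host passes; a name that merely contains or starts with "twitter.com" is reported as a lookalike.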

Chel Wolverton

Thanks, Jane, for sharing the link! I hope it's helpful.

Chel Wolverton

It could be you don't have any connections? If you know you have some OAuth privileges then I'd suggest contacting Twitter support to let them know it's not showing up for you.

Chel Wolverton

Jeff, could be the OAuth permissions you've got on your Twitter account, check them out in your settings page and disable anything that you don't 100% trust.

Trackbacks

  1. Social comments and analytics for this post…

    This post was mentioned on Twitter by cspenn: @stacykatz http://bit.ly/2cpTyh

  2. [...] Recovering from Twitter Phishing – Nice little how-to. via @chelpixie on Twitter. [...]

  3. [...] [ chris brogan ] If you’ve been seeing tweets from people with suspicious links in them, or worse, if you’ve been sending those tweets without realising it, you’ll want to follow these steps: Recovering from Twitter Phishing. [...]

  4. [...] Read More Here… Share and Enjoy: [...]

  5. [...] Michelle Wolverton at ChellePixie wrote a great post about how to recover from these Twitter phishing attacks. [...]

  6. [...] 20:59 Ed finds a WordPress Hack on MOC.com – Two security plugins: WordPress Exploit Scanner, WordPress Security Scan, Shel’s 8 Steps to Clean Up after a Twitter Compromise [...]

  7. [...] you’ve somehow clicked and authorized the app to access your Twitter account, go to this link and follow the instructions to recover from the phishing attack. Thanks! Categories: [...]

  8. [...] RT @LisaHoffman: “Change public relations to people relations” – @ConversationAge#blogwell Recovering from Twitter Phishing Via @mikepfs Heard from a lot of phishing victims this week. Michelle Wolverton gives tips on what [...]

  9. [...] the email marketing campaigns of the top online retailers to reveal tre… 1 Likes Recovering from Twitter Phishing – Recover your account from Twitter phishing attacks. 1 Likes The Definitive Guide to [...]

  10. [...] Recovering from Twitter Phishing [...]

  11. [...] Sometimes, though, changing your password isn’t enough. To make sure you totally eradicate the problem, you can follow the steps in Michelle Wolverton’s post Recovering from Twitter Phishing. [...]

  12. [...] This week my Twitter account was hijacked. The consequence was that my Twitter friends were subjected to spam messages sent from my account, with the aim of hijacking their accounts too. Luckily I quickly got help solving the problem, from, among others, @kwasbeb, @RudolfChristian and @Fjallraven_Swe. Many thanks! Should you also fall victim to a hijacking, the recipe for how to free your Twitter account is here. [...]

  13. [...] Recovering from Twitter phishing – A not entirely relevant guide these days. Many spam DMs in my inbox from many of my Twitter friends right now. [...]

  14. [...] Here you can read about how to protect yourself. Share/Bookmark [...]