
Recovering from Twitter Phishing

If you have gotten your Twitter account hacked because you’ve clicked on a phishing scam link, here’s how to get it cleaned up.  Otherwise you might find yourself on lists you don’t want to be on.

Edited to add: Also, periodically check your sent tweets to see what your account has been doing without you!  (Hat tip to @cspenn.)

Step 1: Stop clicking the links that get you hacked in the first place.  Even if you know the person, consider the message that’s accompanying the link.  If it sounds suspicious it probably is.

Step 2: No seriously. Stop.

Step 3: If you are still logged into your account, log out.

Step 4: Clear your browser cache and close out of it completely.  (If you have numerous tabs open and don’t want to lose them?  Save them as a group in a folder.)

Step 5: Re-open your browser, go to Twitter and change your password.  No, don’t use the same password.

Step 6: Go to settings -> connections.  Revoke access for any OAuth permissions that look suspicious or that you aren’t actually using.  Remember, these hacks almost always require you to log in or to grant permission via OAuth, so make sure you trust the companies/people you grant permissions to.

revoke OAuth

Step 7: Report the hack to Twitter, then delete any tweets sent while your account was compromised, so that others can’t follow the link from your hacked tweet.

Step 8: Post to your blog (i.e. somewhere other than Twitter) to let people/friends/followers know that you’ve been hacked, that they shouldn’t click on links that seem suspicious, and when your account has been secured.
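As an added example (not part of the original post), here is a small Python check that applies two pieces of the advice above: confirm that a login link's host really is twitter.com before entering a password, and scan your own sent tweets/DMs for links that point elsewhere. The sample messages and the .example domains are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the genuine site is twitter.com or a subdomain of it
# (e.g. mobile.twitter.com); any other host is treated as a lookalike.
GENUINE_HOSTS = ("twitter.com",)

# Matches http(s) links inside a tweet or DM body.
LINK_RE = re.compile(r"https?://\S+")

def url_host(url: str) -> str:
    """Lowercase hostname of a URL, ignoring userinfo, port and trailing dot.

    urlsplit assigns everything before '@' to username/password, so the
    lookalike 'http://twitter.com@evil.example/' yields 'evil.example'.
    """
    if "://" not in url:
        url = "https://" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed netloc, e.g. unbalanced brackets
        return ""
    return host.rstrip(".")

def is_genuine_twitter(url: str) -> bool:
    """True only when the parsed host is twitter.com or a subdomain of it.

    'twitter.com.verify.example' and 'evil.example/twitter.com/login' both
    fail because the check runs on the parsed host, not on the URL text.
    """
    host = url_host(url)
    return any(host == g or host.endswith("." + g) for g in GENUINE_HOSTS)

def flag_suspicious(sent_messages):
    """(message, link) pairs for sent tweets/DMs whose links leave
    twitter.com, the pattern a hijacked account produces."""
    flagged = []
    for msg in sent_messages:
        for link in LINK_RE.findall(msg):
            if not is_genuine_twitter(link):
                flagged.append((msg, link))
    return flagged

# Constructed sample of a user's sent messages (not real tweets).
SAMPLE_SENT = [
    "lol is this you?? http://twitter.com.verify-login.example/iq",
    "Heading out, see everyone at the meetup tonight",
    "Checked my apps at https://twitter.com/settings/connections today",
]
```

Run `flag_suspicious(SAMPLE_SENT)` against an export of your own sent messages to get the list of items worth deleting in Step 7.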

If you need help with the clean-up or want more advice on how to prevent your account from being hacked, you can contact me.  I consult on a number of different topics including social media, manage WordPress maintenance, and help clients manage their time effectively.


  • dylangirl99
    Thank goodness you have this info. When "it" happens you can't find info quick enough! Friends thought I was sending lewd+gross DMs! How embarrassing! Men were shy to come out +say it +finally a female friend just came out with it! I almost passed out! Integrity is everything so I wrote 2 Kim+ she had me reach you-thanks so much!!! Of course I never really heard what they said (as me) I was told I would not want to know! But assume they all know I would never talk that way. I followed all your steps however-I will not hesitate to reach out for your expertise. Thanks so much again.
  • dylangirl99
    I have been hacked people tell me. Apparently someone used my twitter name and sent disgusting tweets to people on my act..I am so upset. First I changed my password. But I'll go back and see what else I can do. If I'm not sure it's over I might contact you!!! Kim (on twitter) gave me your name. Thanks and I'll be in touch. What do we have but our communication on twitter-so embarrassed the men received things I would not dream of saying (some were too polite to ask if I wrote those!-eeeks) (dylangirl99)
  • Feel free to contact me if you need help.
  • Wendy
    Yep. Got hacked. Fixed it based on your article. Feel stupid. Question: how do you ALWAYS know what link will get you hacked?
  • Don't feel stupid! Many people fall for it. I'd just be cautious regarding any links you click. Download Tweetdeck and activate the "preview URL" feature which will tell you what site you're visiting before it goes through. Especially be cautious if you don't typically DM with the person that's sent the link, even if you trust them. You can always ask them to confirm that they sent it before you open it.

    Also, when you visit a link that asks you to log into Twitter, make sure it's twitter.com in the address bar before you login.
  • Thanks very much for this, a lot more people seem to be affected today and I've passed the link on to them
  • Thanks, Jane, for sharing the link! I hope it's helpful.
  • Deb
    Hi Michelle. Very helpful post. I haven't got any phishing DMs and don't have any OAuth permissions (checked that a couple of months ago). But saw your tweet and decided to check things out anyway. Now I can't find Connections anywhere under Settings. I wonder if Twitter has changed since your original post in November. Or if it just doesn't show up now when there are no OAuth permissions. Or maybe it's just me! :)
  • It could be you don't have any connections? If you know you have some OAuth privileges then I'd suggest contacting Twitter support to let them know it's not showing up for you.
  • Great advice. It seems the DMs on Twitter are usually suspect when these things happen so I stay away from opening those links altogether unless it's from a trusted source.
  • JeffBarden
    Thanks for this post. One question. How can my account be hacked without me clicking on a bad link?
  • Jeff, could be the OAuth permissions you've got on your Twitter account, check them out in your settings page and disable anything that you don't 100% trust.
  • Great info Thanks
  • prowse
    That darned Imogen Heap, I just knew she was up to no good!
  • michaelkennerley
    Oh, How I wish I had seen this about a week earlier. Hundreds of messages about some IQ Quiz were sent out over my name and I didn't know how to stop them. I tweeted for help and some kind soul suggested I change my password. I did that but was locked out of my account and couldn't reach anyone for help. I then opened a new Twitter account with a new name managed to access my old account and one by one followed my previous list. It took a lot of time and the whole experience has been a nightmare.
    Had I known what to do I could have saved a lot of time and angst.
    Your advice is well taken. Thank you!
  • Sorry to hear you were hacked so badly! Hopefully this will serve you if it happens again in the future!
  • Great tips - thanks to @ChrisPenn for RTing the link to this. I saw this post before, and thought I had bookmarked it, but couldn't find it. The only thing I would do differently is send the tweet 1st that says yr account has been hacked, then go do all of the rest of the items on the list! The other thing I would do is to retweet this post out, so that if anyone in your twitter stream did get hacked, they can get themselves out of it.
  • Chris is super awesome about spreading the word!

    My reasoning for sending users through the process of changing passwords first is to stop the damage and spread of the DMs by cutting off access to their account. If folks catch it quickly enough it'll be easier to contain.

    Please feel free to share the post. I'm happy that it's helping so many people in the community recover from being hacked.
  • I may not have been hacked but only received some of these DM's. How do you know? I noticed them 2-3 days ago, never clicked on them, do not get repeats.
  • Check your sent DMs regularly. If you see something that you didn't send and it reads spammy then you've probably been hacked.

    And don't click on them and you should be fine ;)