Twitter Phishing and Dealing with the Hijacked DM Dilemma

Business As Usual


The dreaded phishing Direct Messages ("DMs") imploring you to check funny photos of yourself, review bad comments being made about you, see who is visiting your profile, and so on, can really run amok on Twitter. But what to do about them? Ignoring them completely is not a bad policy, but the accounts pushing these irritating DMs to you quite likely are unaware they are even sending them; be socially responsive and give an assist to those who may have been careless. As pervasive as this problem is, it behooves us all to help the whole community engage freely while working to limit this type of activity. Let's look at what is actually going on before talking about what to do; understanding and identifying these DMs correctly will go a long way in dealing with them.

What It Is: Phishing Off Of Someone Else's Pier

As with any other point of breach on the web, there are several avenues a would-be hijacker or spammer can take to gain control of a Twitter account. There is a distinction to be made between "spamming" and "hijacked" accounts (and, depending on what has actually occurred, a further distinction between "hacked" and "hijacked", but for our purposes, and to avoid that debate, we will use "hijacked"). The bottom line is that spam tweets intended to hijack your account are both sophisticated and frequent, so let's break these down:


Spam comes in many forms, but the kind we are specifically addressing here will always contain a link, and nearly always implores you to click it in a rather exaggerated fashion (to keep up with these, we reference a running list of the latest warnings published by TweetSmarter). Most of what we think of as typical spam is not overly sophisticated (tweets that are obvious advertisements, for example), but large networks of fake, malicious Twitter accounts can be grouped for spamming with great efficiency and little recourse for preventing them. Hundreds to thousands of these fake accounts are coordinated to tweet "humanesque" content that is fully or partially machine-generated. Unlike typical spam, these fake accounts are created and run by bots that attempt, as closely as possible, to mimic normal human behaviour, actions and content. The spam contains links that, once clicked, use several approaches to harvest a user's login credentials or to install apps that take over (i.e. "hijack") the account in order to, you guessed it, send more spam.


Hijacked Twitter accounts are therefore an oft-used vehicle for sending spam. Simply put, a hijacked account is one that has been compromised so that an attacker can issue tweets or DMs from it under the guise of legitimate posts by a legitimate account. Often, account owners are completely unaware that their account has been hijacked. A cute variation on hijacking exploits Twitter's retweet convention: a spammer places "RT @yourhandle" in front of their own malicious text, so the spam appears to have originated with you (an example from our own account appears below). Since these are not exactly impersonation, they slip through a Terms of Service loophole, but they are nonetheless just as malicious.
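The two sections above describe what these phishing DMs look like: they always carry a link, the link is usually shortened, and the wording is an exaggerated lure ("bad blog about you", "funny pic of you"). The following scorer, an added example that is not part of the original article, turns those observations into a small heuristic check run over a few constructed sample DMs. The lure-phrase list and the shortener list are assumptions chosen for the example, not data from the page; in practice you would grow them from a feed such as TweetSmarter's warnings.

```python
import re
from urllib.parse import urlparse

# Matches http(s) URLs and bare shortener-style links such as bit.ly/abc.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s]*)?", re.I)

# Lure phrases drawn from the DM wordings the article quotes, plus common variants.
# This list is an assumption for the example; extend it from a live warnings feed.
LURE_PHRASES = (
    "funny pic", "funny photo", "bad blog about you", "bad comment",
    "saying bad things", "visiting your profile", "who viewed",
    "seen this", "is this you", "check this out",
)

# Shorteners hide the destination, so a shortened link is an extra (weak) signal.
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly", "is.gd", "j.mp"}


def extract_urls(text):
    """Return the links found in a DM, each normalised to carry a scheme."""
    urls = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,!?)")
        if "://" not in url:
            url = "http://" + url
        urls.append(url)
    return urls


def score_dm(text):
    """Score one DM; returns (score, reasons), one point per indicator found."""
    reasons = []
    lowered = text.lower()
    urls = extract_urls(text)

    if urls:
        reasons.append("contains a link")
        for url in urls:
            host = (urlparse(url).hostname or "").lower()
            if host in SHORTENER_HOSTS:
                reasons.append("link goes through shortener " + host)

    for phrase in LURE_PHRASES:
        if phrase in lowered:
            reasons.append("lure phrase: " + repr(phrase))

    # "you seen this?!" style: doubled punctuation or repeated exclamation marks.
    if re.search(r"[!?]{2,}", text) or text.count("!") >= 2:
        reasons.append("exaggerated punctuation")

    return len(reasons), reasons


def is_phishy(text, threshold=2):
    """Flag a DM only if it carries a link AND scores at least `threshold`."""
    score, _ = score_dm(text)
    return bool(extract_urls(text)) and score >= threshold


# Constructed sample DMs (not real messages) to exercise the scorer.
SAMPLE_DMS = [
    "I saw a real bad blog about you; you seen this?! http://bit.ly/xYz12",
    "lol is this you in this funny pic?? bit.ly/abc",
    "Thanks for the RT! See you at the meetup tomorrow.",
    "Here are the slides from today: https://example.com/slides.pdf",
]

if __name__ == "__main__":
    for dm in SAMPLE_DMS:
        score, reasons = score_dm(dm)
        flag = "PHISHY" if is_phishy(dm) else "ok    "
        print(f"{flag} score={score} {dm!r}")
        for reason in reasons:
            print("       -", reason)
```

The link requirement is deliberate: a DM with exaggerated wording but no link cannot phish you, so the scorer never flags one, while a plain link to a slide deck scores only one point and passes. A score like this is a triage aid for someone looking at a full inbox, not a replacement for the host check on the login page itself.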

How It Happens: "Tweet As I Would Tweet, Not As I Would Automate"


We're not sure what's more frustrating: being duped into an action that compromises your account, or having the account compromised while doing nothing wrong at all. Either way, it can happen to you. Sophisticated spammers work first and foremost to avoid Twitter's detection and suspension of their accounts. By mimicking typical human patterns and content, following, replying and retweeting more and tweeting less, they make it difficult to distinguish a spamming account from a legitimate one. Spamming accounts may function for quite some time without ever issuing a spam link, working first to establish themselves as legitimate. Some spam accounts never issue a spam link at all; instead they serve within large controlled groups to make other fake accounts more credible, following and retweeting them to inflate their apparent popularity. Twitter works to suspend bad applications and block spamming links, but spammers simply issue new links to new sites and apps within similar tweets until Twitter (hopefully) catches them again.

Whether at the hands of your own actions or as consequence of just being on the web, here are typical ways in which your Twitter account becomes compromised:

Your local device becomes infected with malware designed to compromise your account

You provide your login credentials on a malicious page

this is the main method used by hijackers: when you click the link, you are taken to what appears to be a Twitter login page, but it is not. If you enter your password on one of these fake login pages, the hijacker has your credentials and will promptly begin issuing spam tweets or DMs from your account in an attempt to hijack yet more accounts (see TweetSmarter's updated list of Alerts, Warnings & Hijacks).

You are using a wireless connection to Twitter over plain http (not https)

anyone on the same network can read your login and session cookie in the clear; there should be no need to explain why this is a terrible idea...

You are using a wireless connection with Twitter set to access only over https

it is rare, but possible. Merely listening in on a properly established HTTPS session will not give an attacker your password; the realistic risk is a "man in the middle" attack, where someone on the same network intercepts the connection (for example, by presenting a forged certificate that you click through, or by quietly downgrading the initial http:// request before it ever reaches HTTPS) so that your computer believes it is talking to Twitter.com directly when it is not. Heed certificate warnings and make sure the address bar still shows https://.

You click on a popup while browsing the web that requests authentication

You use the same password on multiple sites

your password was stolen from one site and is being used to log in to others

A spammer adds "RT @yourhandle" in front of their own malicious text or tweet

as happened to our own Twitter account
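The fake login page is the main way accounts are hijacked, and the defence later in this article is to check the address bar. What "check the address bar" should actually mean is a test of the host, not a search for the string "twitter.com" anywhere in the URL. The function below is an added example, not code from the original article, showing that check against a handful of constructed URLs that cover the usual tricks (lookalike subdomains, the domain buried in the path, the user-info trick, a plain-http page, and a homoglyph). The set of accepted hosts is an assumption for the example.

```python
from urllib.parse import urlsplit

# Hosts accepted as the real Twitter login; an assumption for this example.
LEGIT_HOSTS = {"twitter.com", "www.twitter.com", "mobile.twitter.com"}


def login_url_is_safe(url):
    """Return (ok, reason): ok only if the URL is https AND its host is exactly Twitter's."""
    parts = urlsplit(url.strip())

    # A plain http page can be read and rewritten by anyone on the same network.
    if parts.scheme.lower() != "https":
        return False, "scheme is %r, not https" % (parts.scheme or "")

    # https://twitter.com@evil.example/ puts "twitter.com" in the user-info slot;
    # the browser actually connects to evil.example.
    if parts.username is not None:
        return False, "URL has user-info before the real host (%r)" % parts.hostname

    # hostname is lower-cased by urlsplit; compare the whole host, never a substring,
    # so twitter.com.evil.example and evil.example/twitter.com both fail.
    host = parts.hostname or ""
    if host not in LEGIT_HOSTS:
        return False, "host is %r, not twitter.com" % host

    return True, "ok"


# Constructed URLs (not taken from any real campaign) covering the usual tricks.
SAMPLE_URLS = [
    "https://twitter.com/login",                           # genuine
    "http://twitter.com/login",                            # plain http: readable on the wire
    "https://twitter.com.account-verify.example/login",    # real host is the last two labels
    "https://example.net/twitter.com/login",               # "twitter.com" is only in the path
    "https://twitter.com@example.net/login",               # user-info trick
    "https://twıtter.com/login",                           # homoglyph: dotless i, not "i"
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        ok, reason = login_url_is_safe(url)
        print(("SAFE   " if ok else "REJECT ") + url + "  (" + reason + ")")
```

Only the first sample passes. The homoglyph case is rejected simply because the host is not byte-for-byte one of the accepted names; a browser would usually render such a host in punycode (xn--...), which is itself a warning sign worth knowing.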

What To Do: Axe the Hacks & Can the Spam

Having your Twitter account inundated with these DMs, or hijacked to send them, is unnerving and frustrating, but taking some precautions, and following a procedure when things go wrong, is part responsibility and part obligation for any active participant in this social community. Life in a viral medium requires actions that you both should take and have to take.

I saw a real bad blog about you; you seen this?!

Nope, you haven't seen it, nor do you want to. These are not regular spam; they are issued from hijacked accounts. Clicking a link like this from one of your true and trusted followers is tempting for most, and taken by itself it appears legitimate. See the same DM in your inbox repeatedly, however, and you readily recognise it as a spam link sent from a well-intended follower's hijacked account. Stopping spam entirely is rather futile, as no social site is immune and identification can be difficult. Given the points of entry above, let's stay aligned and address these specifically:

Maintain updated anti-virus software, and do not log in from computers or devices you do not manage yourself

Simply do not log in to Twitter unless you typed the address yourself, or the host in your browser's address bar (the part between "https://" and the first "/") is exactly "twitter.com". Merely spotting the text "twitter.com" somewhere in the URL is not enough: a phishing page at twitter.com.example.net or example.net/twitter.com/login contains it too.

Edit your Twitter account settings by turning on "HTTPS Only - Always Use HTTPS"

Exercise caution and discretion: look and question yourself before clicking on web content

Use a unique password on every site; a password generator and manager (one master password unlocking the rest) makes this practical, and should be organisational policy where you manage accounts for a business.


Review your 3rd Party Applications and revoke any that you do not recognize

Do not "auto-follow" everyone, and be selective as to those you manually decide to follow

Be observant and diligent, keeping an eye on your account and reporting malicious activity to Twitter via their Support Center Form

Block or unfollow the accounts of unwanted spammers

Implement tools to assist with spam reduction (SocialToo, TwitSweeper, TwitBlock, Twit Cleaner, StopTweet, etc.)

Selectively "opt out" of tweets sent through SocialOomph, one of the largest Twitter tools, by following its defined process: http://www.socialoomph.com/optout


As a free service, some diligence is required of those of us who have decided to join the community in assisting with the problem. While Twitter takes a rather passive approach to identifying spammers (let's reiterate, this is a free service), it does have algorithms (whatever those may be) to tag potential spamming accounts, and has recently introduced its own URL shortener, which preserves the initial few characters of the destination domain to help you identify what site a link would take you to. It is of benefit to everyone, especially the innocent, to know that their account has been compromised. Help your follower or fellow tweeter by sending them a quick DM along the lines of "FYI: Your account may have been hijacked", coupled with a link to useful information on dealing with this common problem ("My Account Has Been Compromised"; "Twitter Phishing and Dealing with the Hijacked DM Dilemma").

As with any social network, the best basic policy is to use common sense, and common courtesy.
