Twitter DM Spam/Possible Hacking of my account?

Rafagon

Genius
Gold
Dec 7, 2011
7,566
1,252
113
44
Miami, Florida
#1
Today I've been spammed with DMs from most, if not all, of my followers. Since the first one that I saw was from a trusted person, I clicked on it! Twitter asked me to log in again, then replied with "The page.... cannot be found."

I've Googled for help and can't seem to find anything.

I'm about to change my Twitter password.

Anyone get anything like this today? Should I worry a whole lot that I clicked on the first one I saw?

funny pic of you 2.jpg
 

iphonewarrior

Moderator
Moderator
Apr 11, 2008
13,847
701
113
#2
That's why I dm'd you earlier to tell you that you were spamming people. kadelic and sara have been sharing the spam round too.

Change your password and remove the third-party app from your twitter account.
 

fearofnormalcy

Evangelist
Gold
Jul 8, 2010
1,742
118
63
New Port Richey, FL
www.facebook.com
#6
I was hacked and received the same DM from most of my followers. I just revoked access from all the apps associated with my account to be safe.
Ditto. I got the same DM from you.

Says "LOL...funny pic of you" with a hyperlink, but the link redirected me to a seemingly normal Twitter login page, only the URL was Twpitter.com....dubious to say the least.

I too was just coming here to let you know.
 

Ron7624

Member
Bronze
Nov 11, 2011
82
14
8
#8
Not me, but I'd be changing my password pronto.
On another note, I keep getting my Hotmail accounts hacked. I changed my favorite pet's name (security question) and deleted all of my contacts in Hotmail, and that stopped it. For now.


Sent using iCafe app
 

Europa

Moderator
Senior Moderator
Dec 12, 2008
28,365
5,506
113
Utah
#10
It's called phishing. The hackers hook you by sending you a DM from one of your followers who has already been hacked. When you click on the link that is sent from your friend's account, it takes you to a fake Twitter page they have created and it asks for your password. The hackers can view and steal your password if you put it in here. Once you're hacked, DMs from your account will then be sent to your followers so they can collect more account passwords and spread their spam.

Be very wary of anything on Twitter that asks for your password, as you are already logged in and shouldn't need to provide it again. Also, after you change the password, the hackers may send you an email asking you to change your password, which is an attempt to try to trap you again. Instead, go to Twitter on your own (as opposed to clicking their link) so you know it's the authentic site and not another phishing attempt. You'll know it's the real site if you see https instead of http. The "s" stands for secure and indicates that it is the real site.
 

Rafagon

#11
Europa said:
Instead, go to Twitter on your own (opposed to clicking their link) so you know it's the authentic site and not another phishing attempt. You'll know it's the real site if you see https instead of http. The "s" stands for secure and indicates that it is the real site.

The lesson I learned is that you can never let your guard down when on the Internet. I think that even people who know this stuff have a chance of falling for the scam because they're caught off guard. This is what happened to me. It would be nice if there were a browser add-on to make the background of the entire URL bar (and not just the initial part which states the protocol being used) bright red when on an http:// site as opposed to an https:// site. Or maybe make the protocol part of the URL two font sizes larger than the web address.
 

Rafagon

#14
I got hit on Safari on iOS first, but when I switched to the desktop (on Chrome), it didn't alert me. I guess the scam was new and it hadn't been reported to Google's Chrome team yet. I'll go ahead and report it to them today.
 

iphonewarrior

#17
This has spread because people have opened the link sent to them via DM, then entered their username and password when asked, which in turn has allowed a bot to automatically log onto your account and spread the crap everywhere else. It happens all the time, unfortunately.
 

Kadelic

Genius
Gold
Jan 4, 2010
4,935
1,645
113
Dallas, TX
#18
I'm obviously guilty of entering my password. :oops: I know better and usually ignore/report crap like that. I had just woken up and I saw the "found a funny pic of you" line. The guy who was supposed to have sent it was a guy I used to work with. It seemed credible that he could have found a picture taken at work or at a party. Of course he could have iMessaged it to me since we text every once in a while. Never again! :cautious:
 

Rafagon

#19
It's interesting that after changing my Twitter password yesterday, OS X still lets me Tweet (via the Notification Center function) without having to enter my new password. Same goes for iOS. One would think those OSes would need to re-authenticate me in order for me to Tweet...

If someone who doesn't know any better was playing with a Mac at an Apple Store and gave the OS his Twitter credentials, then saw the light later and changed his password from home, anyone with access to the Mac back at the Apple Store could just go on Tweeting as him indefinitely?

Edit: I think I found the answer to that: "Yes." At least as of August 2011.
 

Rafagon

#20
More Twitter fun:

I just received an e-mail--which appears legitimate--which starts out like this. Anyone else get one?

"Hi, Rafagon
Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account."