Twitter Spam – how you can prevent it

This brief post in answer to FutureCapeTown‘s desperate request for assistance over Twitter DM spam, which seems to be an ever increasing problem:

@6000 Write a blog post about it. For the sake of our DM inbox.

Most Twitter DM (direct message) spam from your followers or followees comes from someone doing something a bit foolish, like giving their login details to an unscrupulous third party, which then (unsurprisingly) acts unscrupulously, as is the nature of the beast.
Of course, most users would baulk at the suggestion that they would ever willingly share their password with any third party, but that’s actually what you do each and every time you authorise an app to use your login.
Many (most?) apps are completely harmless in this regard, but if you authorise a dodgy app which is phishing for your details, then you only have yourself to blame. And what does a “dodgy app” look like exactly? Well, if you need me to tell you that, you’re probably in trouble already, but thankfully Twitter steps in to spare our blushes:

Be wary of any application that promises to make you money or get you followers. If it sounds too good to be true, it probably is!

Beware also of links promising free shopping vouchers, iPods, iPads and weight loss tips. And have a look at Twitter’s SpamWatch account.

So how do you know if your Twitter account has been compromised? There are a few rather obvious signs:

Have you:

• Noticed unexpected Tweets by your account.
• Seen unintended DM’s (direct messages) sent from your account.
• Observed other account behaviors you didn’t make or approve (like following, unfollowing, or blocking).
• Received a notification from us stating that, “You recently changed the email address associated with your Twitter account” (even though you haven’t changed your email address).

If so, then yes, your account has probably been compromised. Incidentally, if you are on the receiving end of such spam, don’t click on any links therein, but do let the sender know that you received it. Then they can prevent the problem from continuing.

Right, so your account has been compromised. How do you uncompromise it?

3 quick and easy steps:

1. Change your password, via the Password Tab in Account Settings.
2. Revoke access to any applications that you don’t use or don’t recognise, via the Applications Tab in Account Settings.
3. Update your password on trusted 3rd party applications.

It might also be a good idea to scan your computer for malware as well, especially if the problem persists despite taking the steps above.

The best thing to do is not to be silly in the first place. You wouldn’t wander round giving your PIN code to everyone, would you? Guard your login details in the same way, stand back and watch as none of the above applies to you. And limit those dodgy links as well – report spam you receive (using the “Report Spam” button) and let Twitter admin do the rest.

Incidentally, the same rules apply to Facebook as well. You can change your password via this page and revoke dodgy apps here.