Phishing Scam Alert: Twitter Direct Messages

Social media website Twitter is everywhere these days and used by millions of people around the world. Now, in an effort to take advantage of this situation, online criminals have rolled out a new scam, which originates from what is designed to look like a legitimate Twitter account.

With this scam, consumers are generally contacted by email from a bogus Twitter account. The email subject line will say something like “Have you seen this picture of you?” The recipients are invited to click on a link to the image, and once they do that, they are usually taken to a website to “verify the authenticity of the picture.” That’s when the pain starts.

How the Scam Works and What It Can Do

On the site that they are redirected to, consumers can unwittingly be inviting the scammer to load all manner of malware onto their computer, which can wreak all manner of havoc. Sometimes this malware involves worms or Trojan horses. Other times the malware begins to immediately attack the consumer’s operating system, corrupting file after file.

Rather than to infect people’s computers, however, the main reason why online criminals employ the aforementioned “picture” bait for is to pull consumers into a scam where they can phish for their personal information.

Sometimes when consumers click on the link to see the imaginary picture, they will get a warning message from Twitter noting how to recover a lost password, how to unsubscribe from emails like the one received, and what to do if the message was received in error. Regardless of whether they receive a warning message, however, once people click on the link they are potentially exposing sensitive information that the scammer can use to their advantage.

What Phishing Is

Extracting personal information this way from consumers is called phishing. In a phishing scam, the consumer unknowingly opens their computer to the scammer’s computer. Information such as passwords, account numbers and credit card numbers is then lifted directly from the consumer’s device. From there the scammer begins defrauding the consumer, engaging in activities such as opening credit cards in the consumer’s name, or even emptying their bank accounts with bogus money transfers.

Avoiding the Scam

Avoiding the Twitter phishing scam can be as easy as simply deleting the scammer’s email. Above all, common sense is the greatest tool you can employ to prevent yourself from falling victim to this type of scam. Of course, if you receive a direct message from what appears to be a Twitter account but you are in fact not a user of Twitter, chances are good that it is from a scammer.

In general, identifying a Twitter phishing scam message is not difficult. In any email you get referring to the social media site, be on the lookout for the following:

  • If you are a regular Twitter user, be aware of shortened URLs or shortened links. Also look for links that are misspelled. These are telltale signs of phishing activity.
  • A generic opening, which could be indicative of a phishing scam
  • Any request for personal information

What to Do if You Get Caught by the Scam

If you make the unfortunate mistake of clicking on a link involved with a phishing scam, you should undertake an immediate program to combat any potential damage.

Contact your bank and any other financial entities with which you have accounts, informing them of the potential for fraudulent activity in your name in the weeks to come. Also, contact the three major reporting credit agencies (Equifax, TransUnion and Experian) and request that a fraud alert be placed on your credit report.

Finally, you should undergo the arduous process of cleaning your computer’s operating system of any and all malware and change any passwords that may have been compromised by the scammer.