How To Avoid Twitter Phishing Scams

A couple of weeks ago, Mashable reported that Twitter had reached an impressive new milestone: Twitter users were sending more than 50 million tweets a day. Unfortunately for Twitter, however, this number masked a more important issue. As Twitter continues to grow and become a more permanent part of our social lives on the web, what steps has the company taken to address the ongoing problem of spammers, scammers, and other cybercriminals?

In a twist of social media karma, just a couple weeks after Twitter hit its 50 million tweets a day milestone, this very problem manifested itself in the form of a widespread Twitter phishing scheme. While the attack seems to have dwindled now that Twitter has frozen the majority of the compromised accounts, the fact that it was able to grow as quickly as it did in such a short period of time is disconcerting to say the least.

In Twitter’s defense, however, most phishing scams only become a problem if users fall for them. Furthermore, given the sophistication of modern phishing attacks, it’s not hard to see why users are getting tricked. To this end, we here at ReputationDefender thought it would be the perfect time to help users understand some of the ways to recognize and avoid phishing scams.

• Ask yourself, “Who is sending me this message?”

The thing that made Twitter’s recent phishing attack so effective is the fact that the spam messages appeared to come from a user’s friend. The built-in sense of trust within the Twitter community (and social media communities in general) has made it very easy for scammers to trick people into clicking on shared links. That is why it is important to ask yourself, “Who is sending me this message?”


If you’re receiving a very generic direct message on Twitter from someone that you never get direct messages from, that should raise some flags. Furthermore, if the person that you’re receiving the direct message from is only someone that you don’t know very well, or know only through Twitter, ask why they might be sending you a message now. If you take a moment to consider the source of the message, you may able to avoid the phishing attack entirely.

• Ask yourself, “What does this message mean?”

As I have already alluded to, the content of a phishing message on Twitter is often generic. In the most recent attacks, scammers used a variation of the phrase “somebody wrote something about you in this blog” or “this you???”. While it is certainly tempting to follow up on these links (why wouldn’t you want to know what somebody may have said about you online), if you take a moment to consider the message, you might figure out why it’s a bad idea to keep clicking.

If a friend were really sending you a message to let you know they found something about you online, would they tell you in such a generic way? Surely, they would give you some clue as to where it is you appear and in what context. If not, then they’re pretty poor friends. If you’re not sure that the link your friend is sending is authentic, before you click on it, try and contact them through some other means to verify the content.

• Ask yourself, “Is this the right website?”

The most important thing you can do to avoid becoming the victim of a phishing scam on Twitter, or anywhere else for that matter, is to learn to recognize phony websites. In the case of the recent Twitter phishing attacks, users were tricked into giving up their log-in credentials because the site they were taken to looked just like Twitter. If they had taken a moment to look at the domain name of the site in their browser address bar, however, they would have seen that it wasn’t actually Twitter.

Whenever you’re using the web, it is important to take stock of where you actually are. Scammers are very adept at making websites seem authentic, but there are always signs that separate the phony sites from the real thing. Knowing what to look for can save you the embarrassment of getting caught on a phisher’s hook.