Over the last few weeks I’ve been receiving spam on Twitter from trusted people I follow.
It’s not that they’ve all been overcome by the need to monetize their Twitter accounts (there, I said monetize in a blog post, I’m doomed), rather, they’ve fallen victim to diabolically-crafted account phishing schemes and their Twitter accounts are now compromised.
There are two parts to this subject, which logically means that I’ll deal with it in two posts:
Part One – How to avoid becoming a Twitter spammer
To keep from becoming an unwitting victim of Twitter scammers hijacking your Twitter account for their own nefarious purposes, there are really only a few simple things to remember:
Only give your Twitter password and account name to people or services you trust — treat it like your email or bank account.
Verify that the Twitter login page is actually on the Twitter domain, and not a numbered IP address, a look-alike name, or some other domain that merely contains the word “twitter”. It should always be http://twitter.com or https://twitter.com, and when you are about to type a password, https is the one to insist on. Check the whole host name, not just whether “twitter.com” appears somewhere in the address: twitter.com.example.net is a different site, and so is anything after an “@” in the address. A correct domain is necessary but not sufficient; it tells you who you are talking to, not whether the page that sent you there is honest.
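The domain check above, written out as code. This is an added example, not part of the original post: the function name, the `TRUSTED_DOMAIN` allow-list and the sample URLs are constructed for illustration. It applies the check a little more strictly than the text does (https only), and it rejects the common phishing tricks the text warns about: a bare IP address, a look-alike host such as twitter.com.example.net, and the “real host hidden after an @” trick.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Allow-list for this example: the registered domain the login page must be on.
# (Assumption for the example, not a list taken from the post.)
TRUSTED_DOMAIN = "twitter.com"


def login_page_is_trusted(url: str, trusted_domain: str = TRUSTED_DOMAIN) -> bool:
    """Return True only if `url` points at `trusted_domain` (or a subdomain of it)
    over https.

    Rejects plain http, bare IP addresses, look-alike domains that merely
    contain the trusted name, and the `user@host` trick where the real host
    sits after an '@'.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return False

    # .hostname is lower-cased with any userinfo ("twitter.com@") and port removed.
    host = parts.hostname
    if not host:
        return False

    # A numbered IP address instead of a name is never the legitimate login page.
    try:
        ip_address(host)
        return False
    except ValueError:
        pass

    # Exact match on the registered domain, or a true subdomain of it.
    # "twitter.com.example.net" ends with ".example.net", not ".twitter.com",
    # so it fails; so does any typo or homoglyph domain, since it is not listed.
    host = host.rstrip(".")
    return host == trusted_domain or host.endswith("." + trusted_domain)


# Constructed sample addresses, the kind a phishing email or "free offer" page
# might send you to. None of these are real phishing sites.
SAMPLE_URLS = [
    "https://twitter.com/login",
    "https://api.twitter.com/oauth/authorize",
    "http://twitter.com/login",                   # right domain, wrong scheme
    "https://192.0.2.10/twitter/login",           # numbered IP address
    "https://twitter.com.example.net/login",      # look-alike subdomain of another site
    "https://twitter.com@example.net/login",      # real host is example.net
    "https://example.net/twitter.com/login",      # trusted name only in the path
    "https://tvvitter.com/login",                 # typo-squat
]


def classify(urls=SAMPLE_URLS) -> dict:
    """Map each URL to its verdict so the results can be inspected or tested."""
    return {u: login_page_is_trusted(u) for u in urls}


if __name__ == "__main__":
    for url, ok in classify().items():
        print("OK     " if ok else "REJECT ", url)
```

Because it is an allow-list rather than a block-list, anything the function has not been told to trust is rejected, which is the right default for a page that asks for a password.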
A high-tech solution
Don’t use your Twitter name or password to sign up for ‘free offers’ or personality tests. Instead, open a new tab in your browser and log in to Twitter the normal way, at twitter.com; this gives you a logged-in session with Twitter itself. Now go back to the previous tab, where the third-party service is showing you its password prompt. Refresh that page, and you will likely see an OAuth authorization page instead, like this one.
OAuth is a more secure way to give a third party access to your Twitter account: you approve the application on Twitter’s own page, and it gets a token it can use on your behalf, without ever seeing your password.
But don’t rely on technology alone; no process is foolproof, not even OAuth. An application you authorize can still post as you until you revoke its access.
Consider the first two points and always weigh the risk. Ask yourself the question, “is it really important for me to give them my Twitter login, take that personality test, and potentially spam my friends and followers — putting my reputation at risk?”