Getting Twitter Spam? Here’s how I deal with it

This is the second part of a post series I started a few days ago, dealing with Twitter spam.

What got me thinking about it was the recent spate of incoming DM tweets from trus­ted people I follow. I received another one this morning.

I’m coming at it from the perspective that it’s not deliberate. Rather, these unwitting spammer’s have fallen vic­tim to diabolically-crafted account phish­ing schemes and their Twit­ter accounts are now compromised and sending spam without the real account owner’s knowledge. As such, I always give owners of spamming accounts the benefit of the doubt, once. Only once.

Part Two — How to deal with Twitter spam

If it’s a normally trusted user sending spam DMs
A spam DM (Direct Message) can only come from someone you follow. You can only reply via DM if you, in turn, follow that account. This is why it’s such a disappointment when you receive spam from a trusted source…but remember, at this point we believe the account has been compromised.

The process I use is rather simple yet it gives the account owner a chance to:

  • recover control of the account,
  • let their followers know what’s happening,
  • continue to be a responsible member of the Twitter community.

Alert the spamming account
First contact the spamming account. I do this through DM to allow them to safe face, and deal with the issue in their own way and timeframe.

  • Let them know the account has been compromised
  • Ask them to change their password, so the spammer can’t get back in
  • Ask them to review outgoing DMs to see who was spammed, to alert their community and verify that they indeed did send the spam
  • Ask them to check their ‘approved app relationships’ that they’ve given account access to. This is usually personality quiz or ‘What Hero Are You’ type apps. If something is suspect, revoke the apps access.

Here’s what I usually send, via DM:

I think your account has been compromised - just sent me 'quiz' spam. Check your Sent DM, change PW, & review Settings/Connections

Non DM ‘Mention’ spam
If you notice a tweet or RT (ReTweet) that has your twitter name mentioned, but a spammy shortened link in the body (not one you’d used) run, do not walk to your DM panel.

Your tweet was harvested and hijacked by spammers. The content was altered to include the spam shortlink, making it look like you sent the original tweet.

Send a DM to @spam with the account name. Twitter folk will deal with the account. And let your followers know that a previous tweet was hijacked. You will, of course, need to follow @spam (which is kinda weird) but it works 🙂

So, as far as Twitter spam goes, that’s how I roll. How ’bout you? Do you have any cool or crafty techniques you use to deal with spam?

There’re two parts to this subject, which logically means that I’ll deal with it in two posts:

How to avoid becoming a Twitter spammer, the easy way

Over the last few weeks I’ve been receiving spam on Twitter from trusted people I follow.

It’s not that they’ve all been overcome by the need to monetize their Twitter accounts (there, I said monetize in a blog post, I’m doomed), rather, they’ve fallen victim to diabolically-crafted account phishing schemes and their Twitter accounts are now compromised.

There’re two parts to this subject, which logically means that I’ll deal with it in two posts:

Part One – How to avoid becoming a Twitter spammer
To keep from becoming an unwitting victim of Twitter scammers hijacking your Twitter account for their own nefarious purposes, there’s really only a few simple things to remember:

Only give your Twitter password and account name to people or services you trust — treat it like your email or bank account.

And Verify
Verify that the Twitter login page is actually associated with the Twitter domain, and not a numbered IP address or some other domain name. It should always be or As long as the domain name is OK, you should be fine.

A high-tech solution
Don’t use your Twitter name or Password to sign up for ‘free offers’ or personality tests. Instead, open a new tab on your browser, log in to Twitter the normal way — this sets up a secure session. Now that you’ve established a session with Twitter, go back to the previous tab with the twitter service showing you the password requester. Refresh that page, and you will likely see a OAuth login, like this one.

OAuth is a more secure way to give a third-party access to your Twitter account, without revealing your password.

But don’t rely on technology alone, no process if fool proof — even OAuth.

Consider the first two points and always weigh the risk. Ask yourself the question, “is it really important for me to give them my Twitter login, take that personality test, and potentially spam my friends and followers — putting my reputation at risk?”