Hacking and phishing attacks have been a problem on Twitter for a while, and they show no signs of slowing down, so I thought I would post some tips to help other Twitter users avoid becoming the next target on the hacker’s list.
There are two main methods by which a hacker can compromise your Twitter account:
1) Phishing
The main method is simply to trick you into giving the hacker your account details, or into allowing a rogue app access to your Twitter account.
The usual way for a hacker to do this is to send you a Direct Message (DM) from a follower’s account that has already been hacked. The message has taken forms such as ‘This person is spreading nasty rumours about you’, ‘Look what people are saying’, or more recently ‘how is this possible?’ or ‘what?’. The message also contains a link, typically created through a URL-shortening service such as tinyurl.com, so the real destination is hidden until you click. If you click the link you are taken to a fake Twitter website where you are asked to confirm your Twitter details and/or allow a Twitter app access to your account.
After doing this, the hacker can access your account and re-send the DM on your behalf to the next wave of targets (all your followers…). Tweets with links to spam or malware will also be posted to your timeline.
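The pattern above (a lure phrase plus a shortened link that lands on a look-alike login page) is easy to check for without ever clicking the link. The following is an added example, not code from the original post: the sample DMs, the shortener list and the redirect map are all constructed for the example, and the constructed redirect map stands in for what you would read off the shortener’s preview feature. It runs offline.

```python
"""Triage a Twitter DM for the lure-plus-link pattern described above.

Added example, not code from the original post. The sample DMs, the
shortener list and the redirect map are constructed; nothing touches the
network, so a suspect link is never actually visited.
"""
import re
from urllib.parse import urlparse

# Lure wordings quoted in the post ('what?' is too short to match on alone).
LURE_PHRASES = (
    "spreading nasty rumours about you",
    "look what people are saying",
    "how is this possible",
)

# A few widely used shorteners (assumption: illustrative, not exhaustive).
SHORTENER_HOSTS = {"tinyurl.com", "bit.ly", "t.co", "goo.gl", "ow.ly"}

# Hosts where a real Twitter login page may legitimately live.
TWITTER_HOSTS = {"twitter.com", "www.twitter.com", "mobile.twitter.com"}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed redirect map standing in for the shortener's preview page.
# The look-alike host below is made up for the example.
FAKE_REDIRECTS = {
    "http://tinyurl.com/abc123": "http://twitter.com.login-confirm.example/verify",
    "http://bit.ly/real-news": "https://www.bbc.co.uk/news",
}


def expand(url, redirects=FAKE_REDIRECTS, max_hops=5):
    """Follow redirect hops in the map to the final URL; loops are cut off."""
    seen = set()
    for _ in range(max_hops):
        nxt = redirects.get(url)
        if nxt is None or nxt in seen:
            break
        seen.add(url)
        url = nxt
    return url


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_twitter_host(host):
    """True only for twitter.com or a subdomain of it.

    'twitter.com.login-confirm.example' starts with twitter.com but is not
    under it, which is exactly the trick a fake login page relies on.
    """
    return host in TWITTER_HOSTS or host.endswith(".twitter.com")


def triage_dm(text, redirects=FAKE_REDIRECTS):
    """Return (verdict, reasons); verdict is 'phishing', 'suspicious' or 'ok'."""
    reasons = []
    lowered = text.lower()
    lure = [p for p in LURE_PHRASES if p in lowered]
    reasons += [f"lure phrase: {p!r}" for p in lure]

    urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    lookalike = False
    for url in urls:
        host = host_of(url)
        if host in SHORTENER_HOSTS:
            reasons.append(f"shortened link via {host}")
        final_host = host_of(expand(url, redirects))
        if "twitter" in final_host and not is_twitter_host(final_host):
            lookalike = True
            reasons.append(f"link lands on look-alike host {final_host!r}")
        elif final_host != host:
            reasons.append(f"link expands to {final_host}")

    if lookalike or (lure and urls):
        return "phishing", reasons
    if urls:  # any unsolicited link in a DM is worth a second look
        return "suspicious", reasons
    return "ok", reasons


# Constructed sample DMs.
SAMPLE_DMS = [
    "This person is spreading nasty rumours about you http://tinyurl.com/abc123",
    "here's the piece I mentioned http://bit.ly/real-news",
    "Lunch tomorrow?",
]

if __name__ == "__main__":
    for dm in SAMPLE_DMS:
        verdict, reasons = triage_dm(dm)
        print(f"{verdict:10s} {dm!r}")
        for r in reasons:
            print("    -", r)
```

The important check is `is_twitter_host`: a suffix match on `.twitter.com`, not a substring match on the word “twitter”, is what separates the real site from a host such as `twitter.com.something.example` that merely begins with it.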
2) Password cracking
The less likely way for a hacker to gain access to Twitter accounts is simply to keep trying variations of passwords until they find the correct one. This might sound unlikely: why would someone bother hacking your account in preference to anyone else on Twitter? However, most hacking is performed using automated scripts, so the image of a hacker sitting in front of a computer targeting you personally hasn’t been true for several years.
Their script builds (and keeps adding to) a list of target accounts, and then keeps trying passwords over a long period of time until the correct one is found. Obviously, if you have a common and/or simple password then it is likely to be found within days or weeks (months at most), so your account is vulnerable to this sort of attack.
Once the hacker has access to your account, they can use automated scripts to send spam Direct Messages to all your followers, or post spam tweets on your behalf.
How to prevent being hacked
- Change your password to something complicated and more than 8 characters long. It should contain a mix of upper-case letters, lower-case letters, numbers, and special characters such as ‘@’, ‘!’ and ‘$’. Your password must not be the same as your username, or a commonly used phrase such as ‘mickeymouse’ or ‘abc123’. It should also not be a name or a common word or phrase, as these are vulnerable to ‘dictionary’ attacks; note that obvious substitutions such as ‘M1ckeyM0use’ are tried by the same dictionary scripts and add very little.
- If you receive a DM from someone you don’t normally hear from, if a DM seems out of context, or if it contains a link, then don’t click the link. If the DM could be genuine, ask the sender to confirm that it really came from them, ideally by a different channel, since the account that sent it may itself be the one that was hacked.
- If you see an ‘out of context’ tweet on someone’s timeline (similar to the example below), don’t click the link.
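The password rules in the first bullet can be turned into a checker. The following is an added example, not the original post’s code or anything Twitter provides: it enforces length, character classes, the username rule and a dictionary rule (undoing common letter/digit substitutions first), and gives a rough guess-count estimate. The wordlist is a tiny constructed stand-in for a real dictionary or leaked-password list, and the substitution table is an assumption.

```python
"""Check a candidate password against the rules in the list above.

Added example, not from the original post. COMMON_WORDS is a constructed
mini wordlist; a real check would load a full dictionary/leaked-password list.
"""
import math
import string

COMMON_WORDS = {
    "mickeymouse", "abc123", "password", "letmein",
    "qwerty", "twitter", "monkey", "dragon",
}

# Assumed substitution table: undo 4->a, 3->e, 0->o, 1->i, $->s, @->a so that
# 'M1ck3yM0use!' is still recognised as 'mickeymouse'.
LEET = str.maketrans("4301$@", "aeoisa")


def normalise(password):
    """Lower-case, undo substitutions, strip trailing digits/punctuation."""
    base = password.lower().translate(LEET)
    return base.rstrip(string.digits + string.punctuation)


def dictionary_hit(password):
    """Return the wordlist entry the password matches, or None."""
    candidates = (password.lower(), normalise(password))
    for cand in candidates:
        for word in sorted(COMMON_WORDS):
            # exact match, or a longer word embedded in the password
            if word == cand or (len(word) >= 6 and word in cand):
                return word
    return None


def check_password(password, username=""):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) <= 8:
        problems.append("must be longer than 8 characters")
    classes = {
        "upper-case": any(c.isupper() for c in password),
        "lower-case": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append(f"missing {name} character")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    hit = dictionary_hit(password)
    if hit is not None:
        problems.append(f"dictionary word: {hit!r}")
    return problems


def entropy_bits(password):
    """Naive brute-force estimate: length * log2(alphabet actually used).

    This is an upper bound; a dictionary-based password is guessed in far
    fewer tries than this figure suggests, which is why the dictionary
    check above matters more than the number.
    """
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return len(password) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    # Constructed candidates for user 'bob'.
    for pw in ["mickeymouse", "M1ck3yM0use!", "Tw1tter!", "bob@2024!",
               "Gr33n-Kettle?Orbit9"]:
        verdict = check_password(pw, "bob") or ["ok"]
        print(f"{pw!r}: {entropy_bits(pw):5.1f} bits; {'; '.join(verdict)}")
```

Note that ‘M1ck3yM0use!’ satisfies every character-class rule and still fails, because the dictionary check runs on the normalised form; the entropy figure alone would have rated it well.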
If you have been hacked
- Change your Twitter password immediately. Also change the password for the email address your Twitter account is registered with, particularly if you used the same password for both.
- In Twitter, click the Settings ‘gear’ icon and select ‘Settings’, then click ‘Apps’. Review the list of apps you have allowed access to your account, and click ‘Revoke access’ for any you do not recognise.
- Review your Twitter timeline and delete any spam tweets.
Hope this helps. The main points to remember are “secure password” and “don’t click on unsolicited links”!