Help! Someone's hacked my Twitter!
Micke Kring
I don’t understand! Suddenly my Twitter account is sending a bunch of spam. I must have been hacked. What do I do? Why is this happening?
How does it work?
This is where people who want to get hold of your account try to trap you. A message with a link can be a good lure. Preferably—and often—from someone you know (who already had their account taken over). You trust your friends.
Have you received something like the message in the picture? There are tons of variants and new ones keep appearing: a DM, or someone mentioning you, with a link that looks a bit dodgy. They often come in variants like:
I saw a funny picture of you https://tinyurl.com/deow3rwe
What an awful picture someone posted of you…
And so on…
What happens now when I click the link?
Ouch, curiosity got the better of you and you want to take a chance and look at the picture/video/link.
This is when you will most often be taken to a page similar to the one in the top picture. It looks like a real login page, asking you to verify or log in to Twitter again because the session or something has ended. Make it a habit now to look at the address bar in your browser! Is it a real address that points to Twitter? Twitter web addresses should ALWAYS end with twitter.com (look at the site name, the part before the first single slash). It can have http:// or https:// before. Watch out for addresses that look like the real thing, e.g. https://twitter.example.com. That address does NOT end with twitter.com. There are different variants of this and they come in various forms and sizes. If you now log in on this fake page you are handing your login details to the spammer (usually not a human but more likely a spambot, so it’s nothing personal).
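
The address-bar check described above, written out as an added JavaScript example (not part of the original post). The function name, the labels and the sample links are made up for illustration, and the shortener list is an assumption; "ends with twitter.com" is applied strictly, as twitter.com itself or a name ending in .twitter.com.

```javascript
// Added example, not from the original post. Sample links are constructed.
const TRUSTED = "twitter.com"; // the domain this page tells you to look for
// Assumption: a short, non-exhaustive list of link shorteners.
const SHORTENERS = new Set(["tinyurl.com", "bit.ly"]);

function classifyLink(link) {
  let url;
  try {
    url = new URL(link); // parses the address the way a browser does
  } catch {
    return "invalid";
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return "invalid";

  // hostname is lower-cased and excludes any "user@" prefix, port and path.
  const host = url.hostname.replace(/\.$/, "");

  // Genuine: exactly twitter.com, or a subdomain ending in ".twitter.com".
  // The leading dot matters: "example-twitter.com" also ends with "twitter.com".
  if (host === TRUSTED || host.endsWith("." + TRUSTED)) return "twitter";

  // A shortener hides the destination, so the link itself proves nothing.
  if (SHORTENERS.has(host)) return "shortened";

  // The name appears somewhere in the link, but the host is not Twitter's.
  if (link.toLowerCase().includes("twitter")) return "lookalike";

  return "other";
}

const samples = [
  "https://twitter.com/login",
  "https://mobile.twitter.com/home",
  "https://twitter.example.com/login",      // the page's own lookalike
  "https://twitter.com.example.net/verify", // real name used as a subdomain
  "https://example-twitter.com/login",      // ends with "twitter.com", no dot
  "https://twitter.com@login.example.com/", // real name before the "@"
  "https://tinyurl.com/deow3rwe",           // the shortened link from the lure
];
for (const s of samples) console.log(classifyLink(s).padEnd(10), s);
```
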
But why do they do it like this?
What will now happen is that even more similar messages will be sent to your friends from you, so more people will get hit. One of the goals may be to build a distribution network to be able to send out a lot of advertising and other stuff. Or there may be darker motives. We can only speculate about that.
What do I do now?
Start by changing your password. But that might not be enough. Sometimes it’s not your login details they’re after. You may have been asked to authorize an app or similar that has the ability to post in your name. In that case you can change your password as many times as you like and it won’t help. So, to be safe, we’ll also go through the next step.
Now you should also take a look at which apps have permission for your account. What, apps, you say? Yes, there are apps in Twitter too. These make it possible for, for example, your iPhone to communicate with Twitter. Or maybe you created an account on a site by using your Twitter account. All of this is fine, but we’ll check if there are any apps that aren’t okay.
1. Log in to Twitter.
2. Click the “gear” in the top right and click “Settings”.
3. On the left side, near the bottom, you’ll find “Apps”. Click that.
Here all apps that have access to your account are listed. If something looks dodgy you can click the “Revoke access” button to remove the app’s access to your account. You can also see when you approved the app if you want to do a bit of detective work.
I don’t want this to happen again
No, it’s not fun to have your account taken over. Just remember that it can happen to the best of us (but not me ;)) so don’t be too hard on yourself. Make it a habit to think twice before you click on—or authorize—anything. Look in the address bar—am I on a page that looks legit? Just because it looks like Twitter doesn’t mean it is.
And don’t forget, this doesn’t only apply to Twitter. Email from “your bank”, Facebook and other services have the same problems. And hey—you do know and keep track of which apps on Facebook you authorise, right? If not, maybe it’s time to take a look there too…
LINKS: Twitter’s own guidelines on how to keep your account secure