UnMarketing: Sorry, You’ve Been Phished. What?

  • japmanbajaj · 1 month ago
    A few comments:

    1) Any business or social media blog post that makes a reference to Sesame Street right off the top automatically becomes one of the top ten blog posts ever written. This only presents problems once the 11th blog post gets written that starts with a Sesame Street reference. We'll cross that bridge when we get to it.

    2) Please Note: It's "Twitterstan", not "Twitterville". Don't hate the messenger.

    3) Apparently, Scott gets DM's from his followers that say "BURN HER".

    4) Not sure what you meant by the 15 year old who just hit puberty. Do they spend a less-than-average amount of time on the internauts? And with all the stuff in our milk and stuff, are there any 15 year olds left that haven't hit puberty? Aren't we starting at like.. 11.. now?

    So Long. And thanks for all the phish. (you knew it was coming)
  • Liz Pullen · 1 month ago
    I think it's funny that people say, "My account has been hacked!" when they've actually given their password up. I'm sure Twitter has safeguards in place to guard against wide-spread hacking and would post an update if there was a problem. Just don't hand over your password, folks, unless it is an authorized Twitter sign in page.
  • annegreen · 1 month ago
    Nice Pumpkinseed! I'm an Ernie fan too. Wish there was a way to get revenge on these evil doers. Work on that will you? Thanks.
  • Ryan Meray · 1 month ago
    It's nice to see someone with your reach warning about this stuff. There's only so many people I can reach and warn, and too many people are falling for it these days. Social engineering techniques like this are why viruses and spam are such a big problem. Sadly, I don't see this trend getting better anytime soon. :(
  • legalva · 1 month ago
    Thanks Scott for helping us all understand phishing.
  • BrendonWalker · 1 month ago
    Very helpful and to the point. Though, should I feel "unpopular" that I never get these DM's? Maybe all my friends are way too clever??? :P
  • Harlan Kilstein · 1 month ago
    Scott, your last two posts have been brilliant. Unfortunately, Twitter is too successful and is designed to be hacked.

    Keep it up. good stuff.
  • GunesY · 1 month ago
    Now that's a blog; you defined the problem, showed us how not to fall for it, and the bonus link to check who has access was an awesome touch! Not to mention the Ernie opening. How can a blog starting w/ an Ernie quote go wrong??

    Thanks for sharing your knowledge (and humor) with us!
    gunes
  • Jennifer Fong · 1 month ago
    Another great one. Thanks for the reminder not to unfollow, etc. We're so trained these days to unfollow anyone remotely like a spammer, that it's a good reminder to send that gentle reminder first to folks we may know.
  • Davidbeking · 1 month ago
    I haven't been phished on twitter yet thankfully...

    Everyone is making $426.23 today! LMAO!

    Thanks for the advice and heads up scott :)

    David
  • lauraambrose · 1 month ago
    Great post. Good idea to remind people to be nice to the victims of the phishing.
  • Stacey · 1 month ago
    Thanks for the info Scott. I have been unfollowing these folks not realizing that they were scammed. Now I know.
  • Karen Lee · 1 month ago
    Helpful info about bad DM's
  • Lisa Manyon · 1 month ago
    Great advice, Scott!

    A friend/tweep of mine was recently phished -- I knew she wouldn't be sending me the 'get rich quick scam' tweets and gave her a heads up. However, I have been known to block tweeps that I don't know too well when those messages start coming my way or they add me to their mafia family.

    Write on!~

    Lisa
  • prosperitygal · 1 month ago
    Scott I love your way of communicating with humor and being straightforward at same time. Reminds me of Dean Hunt, makes it more digestible.

    Thanks for all you share with the community, you are appreciated.
  • juliaerickson · 1 month ago
    really helpful, Scott. Thanks for spreading the word about 1) how to stop being an inadvertent "phisher" and 2) being kind to those who also may be inadvertent "phishers." Both are important to creating a friendly Twitterverse.
  • patriciaeales · 1 month ago
    Thanks for this info Scott! I saw all of this happening today, and fortunately I didn't succumb. However, I did just check my authorized access, and was surprised to see a couple there that I don't remember authorizing. I've revoked the access and will now be changing my twitter password. Being of the corporate world, I had gotten used to changing my passwords on a regular basis, and so try to do this with my social media sites as well. Proactive is always better than reactive.
  • anneonline · 1 month ago
    I had this happen to my email this past summer. They sent an email to every single person in my address book. I have no idea how, but my sister informed me of it and I replied to everyone that I was sorry this happened and I had it fixed. It was embarrassing as some of the email addresses belonged to former co-workers, some of which I would not want to speak with. The up-side to it all is it put me back in touch with some friends I hadn't talked to in years.

    I'll be sure to pass this along. =)
  • jmaystruck · 1 month ago
    I know for companies that spam through snail mail with discount offers, magazine subscriptions and free vacation offers you need to save the envelopes that they send. This is very important, save all these offers and with the prepaid postage envelopes you now have put coupons and other scams/offers in these envelopes and mail them back to the spammers. Sounds great doesn't it? Finally a way to get back at these evil doers but for online spammers can't we come up with a virus to send back or to get their passwords? There has to be something out there! Great post Scott
  • SandwichINK · 1 month ago
    Excellent job explaining it all to a newbie. I'm going to pass this link on to all the people who send me those DM to help them figure out how to UN-phish-ify :) :) :) Thank you.
  • Perri Jackson · 1 month ago
    Thanks for the heads up, Master Jedi, Sir!! I've appropriately passed it along. While I haven't gotten these, (knock wood or whatever) it has more to do with the fact that I don't rush to answer every TD&H that tells me in 25 chars or less that they 'made money.' Remember, Pet Rocks made money, too. Come to think of it, that is pretty much what a Pet Rock would write, isn't it?
    Who was it that told me to only follow folks who gave me useful info?????? Oh yeah, YOU!!!!
  • Mark Riffey · 1 month ago
    In addition, not all apps are registered with twitter so they won't all show up on that page.

    If you have your twitter password in apps that use your login without the new(ish) app authentication from twitter (including homegrown apps, CRM software, etc), then those passwords need to be changed as well (so that they'll keep working with your new password).
  • Aislinn O'Connor · 1 month ago
    Great advice, especially about being understanding towards the person whose account's been used.

    I once gave my login to a charity so that I could sign a petition against cruelty to animals - next I knew, my account was sending auto DMs (which I don't use) to my new followers, asking them to do the same. Fortunately I found out and pulled the plug before more than a few went out, & I was able to apologize individually to all those concerned - as well as warning my list to avoid the "charity" like the plague.

    That was more than embarrassing enough - how it must feel to find your account's been used to send out porn spam I don't even want to imagine. All credit to you for helping to save people from that experience, or rescue them if necessary.
  • Clare Appleyard · 1 month ago
    As someone whose account was hacked....oh, er...wait....as someone who gave her password out and had DM's sent to all friends, I'm referring all of them to this blog Scott! Thanks for the cosy explanation and stand by as I frantically re-tweet to all and sundry....
  • Lily Iatridis · 1 month ago
    So that's why I got that strange DM from Dabney today!

    Thanks,
    Lily
  • rjnerd · 1 month ago
    More than you ever wanted to know about botnets, http://www.cs.ucsb.edu/~seclab/projects/torpig/... (journal article). A UCSB group "hijacked" a botnet and analyzed the data collected. The bot whose data they intercepted, is one that collects keystrokes, etc... It is the sort of thing that those phishing pages try to leave behind when they can.
  • Allen Mireles · 1 month ago
    Hey Scott,

    Thanks for the link to this post. I will share it w/ my network as well. (I remember when my sons were younger and we used Sesame Street references for many things. Classic, timeless material...)

    My tweet this afternoon was in reference to the specific language re "earning $ on google" and whether that was a phishing attempt that had been reported. Sometimes it's difficult to tell w/ overzealous affiliate marketers.

    And then, while I'm on your blog, a quick thank you for the value, compassion, and humor you supply in the Twitterverse *bowing head in deference*.

    Cheers!
  • amberweinberg · 1 month ago
    These kind of scams always make me wonder, how much of it is the user's fault for not paying attention to what site they're on when giving out their password?
  • unmarketing · 1 month ago
    Yep, it's just harder when it's from people you know
  • fjfonseca · 1 month ago
    Wow, really similar to my post that I have done earlier today and that was mentioned by Twitter_Tips. Just a coincidence I am sure.
    http://thezargon.org/2009/11/what-do-to-when-yo...

    You should add, as I mention on my post, that at the moment it's not safe to change the password since Twitter is fighting with server side issues regarding authentication, for more than 2 weeks now.
  • unmarketing · 1 month ago
    Great post! nice to see both of us trying to help out!

    And people can choose to either not change their password and keep having their DM's sent out as spam, or change it and not heed that message from weeks ago. I like the former :)
  • fjfonseca · 1 month ago
    As long as you revoke access DMs will stop. Changing the password is the extra security that everyone should have in mind but that, at this very moment, is giving more problems than solutions. I had some of my followers changing their password only to have their accounts locked.
  • unmarketing · 1 month ago
    Some phishing scams don't go through that verification route, so they won't show up in that permissions section
  • Judy Kaylor · 1 month ago
    Great post. Only one minor mistake - John Edward (no "S") is the psychic. If John Edwards were psychic he would have seen his downfall coming and kept it in his trousers.........
  • unmarketing · 1 month ago
    Thanks Judy! Fixed! And thanks for the laugh
  • marieforleo · 1 month ago
    simple. you rock stratten. :) that's all I got.
  • alhanzal · 1 month ago
    Thanks Scott for the warning. One of the benefits of digital networking is the insights and experiences of others so each of us don't have to make the same mistakes. Thanks.
  • j_osborne · 1 month ago
    Excellent Scott thanks for your phishy post! By the way nice catch :)
  • Angelique · 1 month ago
    I'm so glad you posted this! I almost unfollowed someone today for DMing the "I made $$$ today" message.
  • Justin Parks · 1 month ago
    Well played Scott, I will refer some of my clients, friends and family members here as this explains it quite nicely and saves me the bother of writing it up, that being said I knocked up a piece about phishing recently, though it's more generic than your own, you might find it interesting: http://www.cloudmixer.com/twitter-phishing-scam...
  • BillCarey · 1 month ago
    Hey Scott,
    Been there someone suggested I change my password and it all stopped. Very wary these days. But I feel much better now that I'm now 45% awesomer...

    Thanks,
    Bill
  • melaniebensonstrick · 1 month ago
    Ah, thanks Scottie for again debunking the twitter realm for us civilians. =-) I'm just hoping they'll come up with some kind of fancy blocking tool quickly before my DM box starts looking like Christmas at the United States Post Office.

    Your greatest fan ever...Mel
  • Diane and Lisa · 1 month ago
    Thanks for the info
  • Cleo · 1 month ago
    Happened to me; although I realized the minute I saw the "video link" was bogus that the Twitter login hadn't looked quite right. Changed the password right away, fingers crossed I won't get any DMs about my DMs!
  • angelphillips18 · 1 month ago
    Now I do recall receiving a message "regarding your Twitter account" maybe two weeks ago, but since I've been showered with phishing messages in the past, I developed kind of immunity to this kind of stuff, but I do receive twits from people asking to ignore some spam that they didn't send. Sad...
  • Paula Robinson RN · 1 month ago
    Scott, I just had a tweet from someone (friend) who said that I sent her a DM about making money on line. I block all of these people - always have; however, it appears I may have missed one and that someone has phished or hacked my account. I recently after reading another article about who may have access to my account- did what you stated here - unsubscribed (Ex: some Twitter Applications). So now that I got three DM's from people telling me they made $429.00 today, and then a friend notified me via Tweet about it, I guess it is time to change my password. How I get the message out to my other followers that this is NOT ME! I have already had followers drop off because they think I'm spamming them. Thanks, Scott!
  • unmarketing · 1 month ago
    If people send DM's to you with the bad link, that's their issue. Once you've changed your password, etc just send a general tweet-out apologizing for the spam DM's and you can send them to this post explaining what happened if it helps :)
  • Paula Robinson RN · 1 month ago
    Thanks for your reply, Scott. I did change my password, but now having a problem sending out Tweets from Tweetdeck? Guess it is not recognizing my new password and says there is a problem? I will for sure RT this message. . .Funny, that is what I was trying to do when I noted the bad links in the DM's. Will have to work with the new Tweetdeck; sorry- it is a bad habit using the old TD name! Great post, and I'm sure I will work it out! Paula : )
  • unmarketing · 1 month ago
    Did you change your password within Tweetdeck?
  • Paula Robinson RN · 1 month ago
    Hi Scott, I did change my password at Tweetdeck but it is now not "recognizing me" and says there is a problem! I probably need to send in a help ticket to see what's up! Thanks for your help- I really appreciate it! PS: I did print the instructions from Twitter about how to change the password etc. but not working correctly. Will keep you posted. paula
  • lben1 · 1 month ago
    Thanks Scott, I would never have guessed that phishing would happen on twitter. I don't tweet much because I don't much care for twitter. The only tweets I get are from porn sites wanting to follow me... Ewwww.
  • Cindy Morus · 1 month ago
    It did happen to me. I clicked on a link but didn't give them any info and they still managed to worm into my account.
  • Stacy Katz · 1 month ago
    Scott, Thank you for providing one of the truly more important and useful blog posts out there. There's surprisingly little helpful information empowering people to take back their Twitter accounts. I also appreciate your call for sensitivity and respect to those of us who have been phished but are authentic people who live/eat/breathe/sleep social media and use it appropriately (most of the time). One note, now with lists, innocents are being called out as spammers and have little recourse to clear their name. Frankly, I think it sucks. I hope the intent is to warn people not to click on links rather than brand people who have been phished as spammers. Would love your thoughts on this. Awesome job.
  • unmarketing · 1 month ago
    Thank-you for the kind words Stacy.

    If you are on a list that you don't want to be (i.e. spammer) block the person who made the list, it will remove you
  • Cynthia Utterback · 1 month ago
    Excellent post! Thanks for reminding me to keep an eye on the connections and that we're all vulnerable to these attacks. Loving your blog lots & Lots!!!
  • Katie · 1 month ago
    Excellent advice - I'm sending this to my followers!! Just not with a DM though...
  • Mary Haight · 1 month ago
    Thanks for this, Scott. Maybe we'll remember if it doesn't sound like a normal communication, it probably isn't. I got a security mssg that stopped me from connecting after hitting the link so no data was passed on.
  • Cheryl Lawson · 1 month ago
    Great post re: how spammers are getting access to twitter accts. Via @unmarketing
  • Jeff · 1 month ago
    Thanks for the post Scotty!
  • Chad · 1 month ago
    Thanks for this. I am having this issue right now!
  • Paula Robinson RN · 1 month ago
    well, I seem to be getting nowhere fast. I changed my password and then notified Tweetdeck; going through the steps according to their instructions, but I have been locked out since I first shared my issue with you yesterday. I can't sign into Twitter, or even send a message through the Help desk because I cannot sign in with my new password. It tells me it is not recognized and then says Wait: I have attempted too many times with failed attempts, so I'm locked out. This has been going on all day. I'm not sure where to go next. Know anyone over at Tweetdeck who can unlock my account so I can tell my 6,000 followers that I'm not sending out these aggravating DM's? Frustrated :(
  • Paula Robinson RN · 1 month ago
    Twitter status not activated. . this is getting very tiresome just waiting?!?!?!?
  • unmarketing · 1 month ago
    Twitter can take a while to re-activate accounts sometimes. It may have gotten flagged due to the spam DM's. You mostly have to wait it out
  • Mike Andrew · 1 month ago
    Thanks for your timely information, just realised my twitter account was sending unauthorised DMs, now been fixed.

    Regards
  • Surfing Mom SC · 1 month ago
    Great article. Thanks for the info, the humor, the transparency and the link to our connections tab. I have not been phished in a DM but I did notice some of my friends tweeting some very bizarre links lately. that seem associated with the get rich quick schemes. I guess once they have your password they can do anything- twitter identity theft? A real bummer since twitter is about social identity- isn't it?
    Thanks again.
  • Christine Holroyd · 1 month ago
    Thanks for this very important info especially delivered with humour. I'm a newish Twitterer and am wary unlike some who might be a bit too gullible. Even so, If I don't know what to look for, I might make some mistakes, so posts like this never go astray.

    I'll file the info in the back of my mind.
  • Deb Bailey · 1 month ago
    so if these type of people have done this already, to your twitter account, does this mean you have a worm on your computer? why do people do this? what is their gain? how do you know if you have a worm if everything you have installed on your computer is saying you don't?
  • unmarketing · 1 month ago
    No it's usually just through Twitter, not your computer. People do this so they can send spam through your account, which makes them money
  • Amy Unthank · 1 month ago
    I seriously wish there were more ppl like u! Yes, I used u and ppl. I fault Twitter!
  • Jon Griffith · 1 month ago
    A note on passwords. If you develop your own personal system by which you create passwords that change regularly, you'll be less likely to forget them because you'll remember how they were created. Make a system and then stick to it so you can easily generate a new password that fits the system only you know. It will save you hours of time. It's less likely someone will figure out your system than figuring out your password. Tweak your "system's settings" if a password is compromised and gradually move to it. You'll only ever need to know two "systems" of passwords at any given time :).
  • juliegoodale · 1 month ago
    Thanks, Scott.
    I was phished last week. And to those who say, just don't give your info to something that looks suspicious: It didn't look suspicious! The DM came from a friend (an actual friend, not a twitter "friend") & the link led to a page that looked EXACTLY like the twitter sign in page. I was following twitter from Sees. Desktop & not logged in through browser. So when the link brought up the browser w/ log in page, it didn't seem suspicious. I realized pretty quickly & changed my password, but felt quite apologetic for all the crap that was sent out on my acct. (you may have gotten some - sorry!).
    I'm now more wary - & also realize the difference between hacking & phishing:)
  • margorosehrmargo · 1 month ago
    This is a helpful reminder to those who read this. Even the smartest among us have been phished. It seems I get these phishing dms daily from people I know and like. Thank goodness I know when these msgs look phishy. I'm glad you put this out there, more people need to know about this and what to do about it. Earlier this afternoon, my friend suggested to use the following Go to: http://twitter.com/account/connections You can block potential spammers and phishing exploiters. The bottom line is it doesn't matter how "smart" you are...this can happen to anyone. The point is now: prevent it from happening.
    Thanks for bringing this to our attention.
  • aflyonthewall · 1 month ago
    One thing in addition to changing your password - check the information in your settings...make sure that the email address in the contact info is truly yours. It doesn't do any good to change your password if the "your Twitter password was recently changed" email goes to the bad guys and gives them your new password.

    May I also suggest that when you get one of these DMs - let the person know - I post an @ message telling them that their account is sending spam DMs - most people don't know!

    Like Ryan - I am so glad to see that someone with your reach is tackling this situation.
  • KeithBorgnet · 1 month ago
    Thanks for that, I've also been locked out of twitter after I changed my password - I guess the phisher is constantly trying to log in
  • Totes McGotes · 1 month ago
    I stumbled upon this blog hoping for Large Mouth Bass fishing tips... the F? unfishing? And what does sesame street have to do with baiting a hook. I'm so confused. Now off to go see how I can make $19 on Google... bbl....
  • Pat Robeck · 4 weeks ago
    Scott, it looks like your fishing skills are right up to mine! Some people get downright angry if a friend sends them a warning about something that turns out to be a hoax, but, hey, they were just looking out for you, not just trying to use up your precious bandwidth! It is never wrong to be polite, until it is time to be rude. Keep up the good work.
  • jj · 3 weeks ago
    Anyone who quotes Ernie is OK in my book!

    I thought I'd been a phishing victim and changed my twitter password, only to discover that Tweetdeck won't let you update your password there to reflect the new one.

    I ended up changing it back (pretty sure I never gave out the info), but.....ick to not be able to update tweetdeck....