Twitter Spam

On my Twitter timeline there seems to be an awful lot of Twitter DM spam at the moment.  Social networks are all about sharing and connecting, and spammers rely on this viral nature in order to maximize their spam.  So whilst it may seem like there is a sudden surge, this is usually more of a perception than anything else.  To explain: if you are a teacher, the chances are you follow a lot of other teachers or like-minded individuals, and the chances are your followers are teachers too.  All it takes is for one account to be compromised (following lots of teachers), then a few of those accounts to be compromised (probably teachers), and you can see how this easily escalates, or becomes viral.  So if you are following lots of teachers’ accounts, some of those being compromised, you can understand why there is a perception that there is suddenly a huge surge.  That’s a really basic explanation and I hope it makes sense.

How does an account become compromised?

There are two ways: hack into Twitter and steal lots of accounts; or the more popular way is to compromise an individual account and rely on the viral nature of Twitter.

This is known as phishing.  You may recognize phishing as an email message pretending to be from your bank, asking you to log into your account to sort out some problem.  But phishing isn’t limited to that: it is any message asking you for any details.  In terms of Twitter it could be something like this:

[Image: Twitter spam message]

If you click on the link it will take you to a page that looks very much like Twitter, ask you to log in with your Twitter credentials, and there you go, they have your details.  Your account is now compromised and they can now start to use your account to start sending out tweets on your behalf.  These tweets will usually contain links to things you don’t want to see such as pornography, or usually adverts for miracle diet pills and the like.

What can I do?

  1. These scams rely on you inputting or clicking something; be suspicious.  In the same way that you would be suspicious of a link in an email, the same is true on any social network.  If you’re not expecting something or the explanation sounds dodgy, contact the sender to verify the link.  If it’s dodgy, delete the DM.
  2. Change your passwords on your social network profiles often.  I know it’s a pain, but it is an unfortunate reality of today’s connected world.  How often is up to you; I set up a diary alert for every 30 days.
  3. When you do a password change, have a look at what applications have got access to your account.  On your desktop go to –> Settings –> Applications.  Click on Revoke Access to any of those you don’t use or don’t recognize.
  4. Twitter defaults to secure connections (denoted by “https” in your address bar).  It’s worth checking though for your own peace of mind.  Go to –> Settings –> Account.  Scroll to where it says “HTTPS Only” and ensure there is a tick in the box.
  5. Think twice about blocking or reporting for spam (unless it’s an obvious spambot).  There’s a good chance the person doesn’t know so a quick tweet to them will probably suffice.  But if it continues you may have no option other than to block the account.
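
The link check behind points 1 and 4, as an added example that is not part of the original post: it parses a link the way a browser does and reports whether it really leads to twitter.com over https. The function name, the trusted-host list and the sample links are assumptions constructed for illustration.

```javascript
// Added example. TRUSTED_HOSTS and SAMPLE_LINKS are constructed for illustration.
const TRUSTED_HOSTS = ["twitter.com"];

// Decide whether a link in a DM really leads to Twitter's own site over https.
function checkLoginLink(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch {
    return { trusted: false, host: null, reasons: ["not a valid absolute URL"] };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing dot
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("not https");
  // "https://twitter.com@other.example/" goes to other.example, not Twitter.
  if (url.username || url.password) reasons.push("text before '@' is not the site");
  // Look-alike letters from other alphabets appear as xn-- labels after parsing.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("internationalised look-alike label");
  }
  // Only the END of the host name counts: twitter.com.other.example is other.example.
  const onTwitter = TRUSTED_HOSTS.some((t) => host === t || host.endsWith("." + t));
  if (!onTwitter) reasons.push("host is not twitter.com or a subdomain of it");
  return { trusted: reasons.length === 0, host, reasons };
}

// Constructed sample links (reserved .example names, not real phishing sites).
const SAMPLE_LINKS = [
  "https://twitter.com/login",
  "https://mobile.twitter.com/session",
  "http://twitter.com/login",
  "https://twitter.com@login.example/session",
  "https://twitter.com.login.example/",
  "https://tw\u0456tter.example/login", // Cyrillic letter in place of "i"
];

for (const link of SAMPLE_LINKS) {
  const r = checkLoginLink(link);
  console.log(r.trusted ? "OK     " : "SUSPECT", link, r.reasons.join("; "));
}
```

A shortened link has to be expanded to its final address before a check like this says anything useful.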

Education advice:

Password security and checking the integrity of links or information need to be instilled from an early age.  Many primary schools I visit either don’t have passwords set up for younger children or use a generic login/password.  Forgotten passwords can be a pain, but as I mentioned above it is an unfortunate necessity in today’s connected world, and this is an important aspect of any e-safety life-skill.  Use simple passwords with the younger users so that it becomes second nature and slowly increase the complexity as they advance in years.
