When your Twitter account suddenly starts sending out Tweets you didn’t write, what happened? What should you do?
First, change your password. In most cases, this is all you need to do to regain control of your account. Then delete any tweets or DMs you didn’t send, and apologize and explain to people that your account was hijacked.
Here are three DMs going around right now that try to trick you:
When you click the link, it appears that you are taken to a login page. If you think, “Huh, I must have been logged out. I’ll just log in so I can see what this link is about,” you will lose your password to hijackers.
Don’t Type Your Password Anywhere Without Checking The Page You’re On!
The reason is that these are NOT Facebook or Twitter login pages! These are fake pages set up by the hijackers, hoping you won’t notice and will type in your password so they can steal it from you. Here’s what the two fake pages look like for these scams (but other scams use similar-looking pages):
Stealing your password in this manner is known as “phishing.” If you don’t realize what you’ve done, when your account is taken over later, you’ll probably think you’ve been hacked, but in reality someone tricked you into giving away your password: you’ve been “phished.”
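One way to make “check the page you’re on” concrete, as an added example that is not part of the original post: the part of the address that matters is the host name, and this sketch tests it the same way the browser parses it. The trusted-site list and every sample link are constructed for illustration.

```javascript
// Added example. TRUSTED_LOGIN_HOSTS and SAMPLE_LINKS are constructed values.
const TRUSTED_LOGIN_HOSTS = ["twitter.com", "facebook.com"];

// Decide whether a link leads to a page where typing the password is safe.
// Returns { ok, host, reason }.
function checkLoginPage(link) {
  let url;
  try {
    url = new URL(link); // WHATWG parser, the same rules a browser applies
  } catch {
    return { ok: false, host: null, reason: "not a valid URL" };
  }
  // The parser lowercases the host and drops any "user@" prefix from it.
  const host = url.hostname.replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { ok: false, host, reason: "not HTTPS" };
  }
  // Non-ASCII look-alike letters show up as "xn--" labels after parsing.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, host, reason: "internationalized look-alike name" };
  }
  // Exact match or a true subdomain; "twitter.com.something" does not count.
  const trusted = TRUSTED_LOGIN_HOSTS.some(
    (site) => host === site || host.endsWith("." + site)
  );
  return trusted
    ? { ok: true, host, reason: "host is on the trusted list" }
    : { ok: false, host, reason: "host is not on the trusted list" };
}

// Constructed sample links: two genuine forms and several imitations.
const SAMPLE_LINKS = [
  "https://twitter.com/login",
  "https://mobile.twitter.com/session/new",
  "https://twitter.com.account-verify.example/login", // real name used as a prefix
  "https://twitter.com@login.example/session",        // real name before the "@"
  "https://tvvitter.example/login",                   // misspelled name
  "http://twitter.com/login",                         // no encryption
  "https://tw\u0456tter.com/login",                   // Cyrillic letter in place of "i"
];

for (const link of SAMPLE_LINKS) {
  const { ok, host, reason } = checkLoginPage(link);
  console.log(`${ok ? "OK   " : "STOP "} ${host} (${reason})`);
}
```

Only the first two sample links pass; in each of the others the host the browser actually connects to is not the site the link appears to name.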
Spammers? Or Hijacked Accounts?
Wouldn’t you want someone to help you if this happened to you?
Realize that these kinds of messages are frequently from hijacked accounts. The people themselves are NOT spammers! It’s kinder to tweet or DM them to let them know what’s happened to their account than simply unfollowing them.
Eventually, of course, if they don’t figure out that their account has been compromised, the hijackers will use it to send out spam to try to make money.
The April 2012 Internet Security Threat Report from Symantec [pdf] had some fascinating stats:
- Web-based attacks increased by 36% with over 4,500 new attacks each day.
- 403 million new variants of malware were created in 2011, a 41% increase over 2010.
- Spam volumes dropped by 13% in 2011 over rates in 2010.
- 39% of malware attacks via email used a link to a web page.
- Mobile vulnerabilities continued to rise, with 315 discovered in 2011.
But most shocking of all was probably this chart:
That’s right, porn websites are barely even in the top ten most dangerous category. The theory is that they make money, so don’t need to use malware to make money, and they are very web savvy at keeping their sites free from infections.
Something I’ve done for a long time is give unusual answers to “challenge questions,” such as “What is your mother’s maiden name?” that some sites use to “increase” security.
For example, I typically give as an answer a second password that I use, instead of something that actually fits the question. That way, it doesn’t matter if the real answer to the question is somehow discovered, no one can know what I actually answered to the question. (For example, my answer to “What was the name of your first pet?” might be “J8ds7~!A”).
I mention this because hackers have been invading credit report websites, in part by using the “challenge questions,” to steal people’s identities.
Another thing I do is I have my browser save my login information for fast filling out of web forms, but I have it save the information slightly incorrectly.
For example, say my credit card ends in 1234. I’ll have it saved as 1934, and then I’ll just edit the “9” to become a “2.” That way I can save information to help speed up web forms, without worrying about it somehow being stolen.
Of course, you should also use different passwords on different sites (here’s an easy way to do that) and be careful where you really are when you log in.