Category Archives: Twitter Spam

Have Millions of Fake Accounts Fooled Twitter?

Twitter CEO Dick Costolo has mentioned several times that millions of people use Twitter only for reading information, and rarely if ever tweet themselves.

But how much does he know?

Fake Twitter Accounts

Companies that sell followers create fake Twitter accounts that rarely tweet, and just have them follow people for money.

So the fact that there are millions of Twitter accounts that rarely tweet doesn’t mean those are people that use Twitter passively for reading without tweeting (much) themselves. Many—most?—of them are fake accounts being sold to people who want to buy followers.

Of course, some of them are real people, but Twitter can’t tell the difference! Twitter hasn’t figured out how to stop fake accounts from being created, and can’t tell the difference between them and real people in order to suspend them.

So how many people are just using Twitter “passively?” No one knows…except perhaps the spammers creating fake accounts. But since automated hacking tools are widely available for creating fake Twitter accounts, and it’s estimated that selling Twitter followers brings in nearly $50 million each year, it’s fair to say there could be millions of fake accounts.


Of course, some fake accounts are created in order to send spam. Here’s a list of the latest spam, and spam accounts, for example. But accounts created only to be sold as fake “followers” never spam, because that would risk them getting suspended, and if they were suspended, they couldn’t be sold as followers.

Fortunately, even if hackers find a lucrative way to break into your account or computer just by getting you to click a link, those fake accounts are unlikely to switch over to sending spam, because they make a LOT of money being sold as followers.

And that’s good, because otherwise, millions of fake accounts could suddenly start spamming Twitter.

How Do Spammers Work?

We get a lot of questions about how spammers work on Twitter as well as on the internet in general. I thought I’d provide an overview of general internet techniques spammers use (not specifically about Twitter spam), particularly those techniques used to make more people find their websites in Google search.

I found an infographic from a Google Search Marketing company that provided a summary, so I’ve enlarged and extracted the key sections from their infographic below:

Hackers creating fake apps as fast as Twitter can block them

Note: If affected by a bad app, revoke it at …although Twitter will often suspend them quickly

If you see one of the many variations of “Wanna see who viewed your Twitter profile?” do NOT click.

There is NOT nor has there EVER been an app that can show you who views your Twitter profile.

Most of the time (if you do click) you’ll see an app that has been suspended/revoked. But if you’re one of the first people to click—before Twitter suspends the app’s connection to Twitter—you’ll be able to authorize the app, and it will start tweeting on your behalf, trying to get other people to click through.

The app can do a variety of things once you authorize it. A common theme is that you have to do something before you can see those people who viewed your Twitter profile—such as take a survey. You might be taken to a page that looks like this:

See all those supposed “viewers” of your profile? They do NOT exist.

The app could also tweet other things from your account, such as links to a variety of malware or spam. Driving you to spam surveys that pay the bad app maker money is the least troublesome thing the app can do.

And of course, if you try to leave the page, it makes a fake offer, filling in your city (taken from the IP address you are visiting the site from) and today’s date. (Be sure to click “Leave this Page” to stay safe.) One example:

My Apologies

In checking out the operation of one of the apps from a test account, the browser was accidentally switched to one where @TweetSmarter was logged in, and the app was able to send out a tweet from the @TweetSmarter account. It was deleted in under ten seconds, but that should NEVER happen!

If you clicked through the link from @TweetSmarter and authorized the app before Twitter was able to suspend it, my sincere apologies.

The Incredibly Annoying Twitter Porn Spam Attack of Late Winter, 2012

Tip: Read part 5 of “What Can You Do About Twitter Spam? What EVERY User Must Know” for more information on how spammers work.

From mid January through March, 2012, many more spam tweets than usual about porn were sent in several waves as @mentions to users on Twitter.

Spammers had created an enormous number of spam accounts in advance for a money-making campaign that also utilized some hijacked accounts (people who had their Twitter account passwords stolen).

While it is normal for spammers to send a lot of spam tweets for 1-3 weeks, this spam campaign lasted many more weeks than usual.

Twitter Suspends Spammers, Spammers Work Harder

Strangely, this was a sign that Twitter’s efforts to suspend spammers were having an effect, because spammers were forced to “burn” (let Twitter suspend) many more accounts than usual in this campaign of spam.

Here’s how it works, and why, although this is a sign that Twitter is doing a good job, it’s still a problem for users.

Two Techniques of Spammers

Setting up the spam network

First, spammers create a lot of accounts that don’t spam, and appear to be real people. Then, they use a few of those accounts to send spam. Each time they do this, they find out what Twitter will allow and what will cause the accounts to be suspended. Then, they use what they’ve learned to have the next group of accounts behave differently when they start to spam, so they won’t be suspended as quickly (or at all).

Spam Technique #1

Here, spammers assume they will be able to spam from accounts that won’t be burned (suspended) quickly or at all, by using what they have learned from previous tests. This means they send a lower amount of spam in total, using fewer accounts overall. This requires spammers to learn from previous attempts and change techniques over time as they learn.

Spam Technique #2

But when spammers determine that Twitter has become very effective at suspending spam accounts quickly and consistently, they will use a much larger number of accounts, knowing that virtually all of them will be burned through quickly.

The problem for users is that first, even if an account is suspended after only one tweet, if you are the person that received that tweet, it’s very annoying.

But mainly, the problem for users is that the total volume of spam tweets is greater: You get more spam, and you wonder why Twitter isn’t doing more to stop it!

One problem with this technique is that spammers don’t have to be smart, they just need a lot of accounts they can burn.

Spam Tools

So another reason spammers might send more spam overall is when tools to create a lot of Twitter accounts improve, or improved tools reach the spam market.

When a spammer can create 1,000 Twitter accounts quickly and cheaply that look real, it’s tempting to simply “use them up” (let Twitter suspend them) by managing them in a dumb way, so that it’s easy for Twitter to suspend them.

What Twitter Needs To Do Next

What caused spammers to use so many more accounts (and send so much more spam) appears to have been both that Twitter was getting too effective at suspending “smart” accounts (that look real and try not to be suspended) and that tools for creating large numbers of accounts have gotten more effective.

Twitter probably needs to make it harder to create new accounts, and possibly stop delivering 100% of all @mentions to all users, or provide a filter of some kind such that you don’t receive @mentions from suspicious accounts (such as a very new account that you don’t follow) in the same way you receive them otherwise.


What Can You Do About Twitter Spam? What EVERY User Must Know

A five-step plan for fighting Twitter spam:

1. Fight It

Don’t EVER only block spammers. Reporting them for spam automatically blocks them, so actually, do NOT block them at all; report them instead.

The next best thing to do is ignore spammers. They will either unfollow you or be suspended soon. If you don’t want to see spam tweets, see tip #4 “Filter it out” below.

2. Understand What Hijacking Is, and Help Others

If someone’s account has been hijacked to send spam or phishing links (see 2a below), don’t report them as spam, help them! Send them a tweet letting them know that tweets are being sent from their account that they may not have written, and that they should change their password. For more information on how to help people who’ve been hijacked, see “What to do when you see a hijacked account alert.”

Spammers’ favorite technique is to steal your password. While there are many ways to do this, in practice you mostly only need to protect yourself from two techniques:

2a. Tricking You (Phishing)

The first way they get you is to send you to a FAKE Twitter login page (that looks real) when you click a link. It makes it seem like you’re logged out of Twitter. But you aren’t! If you are actually at Twitter’s website, the URL will start with

HOW TO PROTECT YOURSELF: For more information on how to tell when you’ve reached a fake site, see “How to Prevent Your Twitter Password From Being Stolen.”

2b. Hacking Into Sites That Save Passwords

The second way is that they break into a site that has a lot of users, and steal all their passwords. Then they try those passwords on other sites: major sites like Twitter, Facebook, etc.

HOW TO PROTECT YOURSELF: Check out some of these very simple password techniques for protecting yourself by using different passwords.

3. Avoid It

If you tweet a lot about popular spam topics (like iPads or porn) you will get more spam. If you say you are looking to buy something, you might get spam about that item.

If you really want to tweet that you want to buy a naked iPad app, expect spam. If you want less of this kind of spam, tweet less about the topics that spammers are using to find you.

Yes, this can be very annoying!

One trick you can use is to slightly misspell words. If the last time you said “naked iPad” you got a lot of spam, try n@ked i-Pad instead, or something similar ;-)

They use Twitter search to find people tweeting about what they want to spam you about, so of course if you don’t show up in Twitter search (say, because you have protected your account) this won’t apply to you.

4. Filter It Out

This isn’t effective in stopping spam, but it lets you remove the spam tweets from your mentions so you don’t have to see them anymore.

For example, if you are @InnocentVictim and @DirtySpammer has sent you a spam, simply do a search for “to:InnocentVictim -DirtySpammer” (without the quotes) and you can see all tweets that mention you except those from @DirtySpammer. (Notice that you don’t use the “@” sign in your search.)

If you use TweetDeck, you can use the global filter to create the same effect.

5. Understand It

Tip: You might want to read “The Incredibly Annoying Twitter Porn Spam Attack of Late Winter, 2012.”

Twitter is in a tricky situation. Whatever they do to block spam, spammers figure it out, and behave differently the next time.

That’s why Twitter spam often comes in waves. (When you start getting a lot of it, don’t worry, in a week or two it will usually die down again.)

How Advanced Spammers Work

This is because advanced spammers set up thousands of accounts that behave innocently at first, and then activate (begin sending spam) hundreds or thousands of them quickly.

They activate so many all at once because once Twitter catches on to their latest tricks, they will begin to be suspended much more quickly. So spammers don’t want to reveal their latest tricks until they’re ready to use them, and then send a lot of spam for 1-3 weeks.

So when spammers are ready to try a new trick, they will activate thousands of accounts all at once, sending a huge wave of spam across Twitter.

Once Twitter figures out their latest tricks, the accounts will begin to be suspended more and more quickly.

The worst case for a spammer is to activate new spamming techniques in two waves. This is because if Twitter figured out the tricks from watching what the first wave of accounts did, the second wave would be suspended much more quickly.

Once an account set up to send spam is suspended, it is considered “burnt” (gone) and so others must be created to take its place. If spammers are making good money from a particular spam tactic, for example porn, they may be willing to burn more accounts (and risk having other accounts being suspended/burned faster) to make money faster.

This is part of what happened in The Twitter Porn Spam Attack of Late Winter, 2012, for example. Spammers burned many more accounts than usual because they had a better money making approach than usual. This meant that for several weeks, many many users got lots of porn spam :-(

6. Bonus: Don’t Do It Yourself!

Lots of people get a little spammy at times. I once bought some movie tickets for 50% off that were valid at a huge range of theaters, for any show at any time.

I thought “I’ll bet other people would love a deal like this,” so I tweeted the link to the special. It was a mistake. People just complained, and as far as I know, no one took advantage of the deal.

It wasn’t a money-making attempt on my part, it was simply an attempt to give something to our network that I thought they might like. But it looked too much like spam.

If you’ve got something to sell, give away educational information and be helpful in the business category in which you sell things. Become known as the expert on your topic, and you can sell things related to that topic to people. But do nothing but post links to things to buy, and people will unfollow you.


C’mon Twitter! Quit Leaving Direct Messages Vulnerable To Spam

Spam is probably Twitter’s biggest problem. 

But as it is now, instead of making it easy to identify the more spammy type of Twitter accounts, Twitter is actually hiding that information from you!

Hey, Twitter: Quit Protecting Spammers!

Wouldn’t you want to know before following someone if they spammed everyone that follows them with an advertising message?

But currently, if someone sends a DM spam to everyone that follows them, you have no way of knowing! And so you follow someone who seems nice…and you get spammed. Again.

If you follow someone, they can direct message (DM) you. If Twitter made the additional requirement that you must also have sent them a tweet at least once before they can DM you, DM spam would be cut way, way back.

This would mean spammers would be forced to send their spams by tweet instead of DM, and tweets can be seen publicly. So this is not only a spam prevention method, it’s a spam identification method. Spammers couldn’t hide their spam messages any more!

Alternatively, Twitter could simply add a “let them DM me” feature instead of making it automatic. But this would be confusing, and take a lot of effort if you had to do it for each person.

Dealing Five Large Setbacks To Twitter Spammers

This one simple change would have HUGE effects:

  1. It would be much harder to hijack accounts. Right now, 99% of hijackings start as DMs that send you to a page that tries to trick you into entering your password (usually by looking like a Twitter login page). When someone you follow is hijacked, their account starts sending out these phishing DMs, trying to hijack accounts. In this scenario, if they can’t DM you, they can’t hijack your account.
  2. Spammers would be stopped cold from the tactic of following people, to get follow backs in order to send DM spam.
  3. Spammers would get far fewer followers, because their spam messages would be seen publicly, instead of hidden as DMs. They could no longer pretend to be “just folks” publicly while sending tons of spam to everyone that follows them.
    This would send a big signal to Twitter’s spam-identification algorithm—spammers get fewer followers and are more visible due to needing to spam more publicly—so Twitter could suspend them faster.
  4. One of spammers’ biggest sources of income would be hit hard, since the auto-follow, auto-DM software would no longer work. Currently, spammers create other spammers by selling this software, telling you to use it to auto-follow people, and then spamming the people that follow you back by DM.
  5. Block automated spam DMs. Spammers create tons of Twitter accounts automatically, have them tweet automatically, and send their spam automatically by DM. This means one person can create thousands of spam accounts, but none of it works if they can’t send spam! While stopping auto-DMs doesn’t stop spam, for all the reasons listed above it makes spamming much, much harder to automate and profit from.

To the ignorant and greedy, Twitter has long looked like a spam paradise, because they can hide the spam they send so no one knows they are a spammer. Twitter needs to put a stop to this.
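The proposed DM rule above, together with the @mention filter suggested earlier on this page for very new accounts you don’t follow, modelled as an added example (not Twitter’s code or the author’s). The account names, the follow graph and the 7-day “very new” cut-off are constructed assumptions.

```python
from dataclasses import dataclass, field

NEW_ACCOUNT_DAYS = 7  # assumed cut-off; the page only says "very new"


@dataclass
class Network:
    follows: set = field(default_factory=set)     # (follower, followed) pairs
    tweeted_to: set = field(default_factory=set)  # (author, mentioned) pairs
    age_days: dict = field(default_factory=dict)  # account -> age in days

    def can_dm_current(self, sender, recipient):
        # Current behaviour as the page describes it: the recipient follows the sender.
        return (recipient, sender) in self.follows

    def can_dm_proposed(self, sender, recipient):
        # Proposal: the recipient must also have tweeted to the sender at least once.
        return (self.can_dm_current(sender, recipient)
                and (recipient, sender) in self.tweeted_to)

    def mention_bucket(self, sender, recipient):
        # Proposed @mention filter: hold mentions from very new accounts
        # the recipient does not follow. Unknown age counts as new.
        if (recipient, sender) in self.follows:
            return "inbox"
        if self.age_days.get(sender, 0) < NEW_ACCOUNT_DAYS:
            return "filtered"
        return "inbox"

    def dm_reach(self, sender, rule):
        # Followers of `sender` that a DM blast would reach under `rule`.
        followers = sorted(f for f, t in self.follows if t == sender)
        return [f for f in followers if rule(sender, f)]


def build_sample():
    """Constructed graph: one long-standing account and one follow-back bot."""
    net = Network()
    for user in ("alice", "bob", "carol", "dave"):
        net.follows.add((user, "friend"))        # everyone follows "friend"
    net.tweeted_to.add(("alice", "friend"))      # only alice has talked to it
    for user in ("bob", "carol"):
        net.follows.add((user, "followbot"))     # follow-backs, no conversation
    net.age_days.update(friend=1200, followbot=40, fresh_spam=1, old_stranger=900)
    return net


if __name__ == "__main__":
    net = build_sample()
    for sender in ("friend", "followbot"):
        print(sender, "current :", net.dm_reach(sender, net.can_dm_current))
        print(sender, "proposed:", net.dm_reach(sender, net.can_dm_proposed))
    for sender in ("fresh_spam", "old_stranger", "friend"):
        print(sender, "->", net.mention_bucket(sender, "alice"))
```

In this sample the proposed rule cuts the follow-back bot’s DM reach to zero, while a hijacked long-standing account still reaches the followers who have tweeted to it.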

Make DMs Useful Again

Many long-time Twitter users publicly state that they don’t read their DMs, because they are so inundated with spam. @ChrisBrogan even said he would quit Twitter if Twitter didn’t let him unfollow everyone so he could get rid of all the DM spam.

And this wouldn’t change the way DMs are already useful: you connect with someone you follow via tweets, then you switch to DMs to continue your conversation. This would still work automatically, since you follow them and have sent them a tweet.

Spam is killing Twitter, DMs are badly broken, and Twitter needs to act soon to fix things.

Make Twitter Twice As Useful

By putting spammers on the run by making DMs protected and useful again, Twitter could then use DMs to open up collaboration by allowing them to be longer than 140 characters. This isn’t as radical as it sounds. Tweets would still be limited to 140 characters.

Why Even Twitter Won’t Use Twitter

If you make a support request to Twitter, they reply via email. Twitter is a communication system that not even Twitter wants to use when they have to collaborate with users! There’s a word for that: broken.

For the rest of us, to collaborate usually means exchanging private emails, and ends up splitting the collaboration: some of the information is on Twitter, some of it is in emails. By letting DMs run a little longer, people could keep their whole conversation on Twitter, and avoid the awkward security issue of whether to give out your email to someone.

A Wide Variety of Benefits

I regularly get 3-5 DMs in a row from people trying simply to explain a question they have. And the people that don’t often don’t include enough information for me to help them, and I have to ask for more information.

This would also make it easier to “attach” files. Now, you have to link to whatever files you want to share, but the links use up the room needed for communication. By letting DMs be a little longer, you could include several links and still have room.

Tests show that people rarely need more than 500 characters for emails (that is, if you limit them to 500, as the ShortMail service does, most people still get things done in one email). That is about the length of three-and-a-half tweets, and in my experience, would eliminate 99% of the multiple DMs we receive as @TweetSmarter when helping people.

It would also allow you to really share key content, instead of forcing people off to a link to search through an article. You could excerpt key points from a blog post, for example, without forcing people to go to a link and dig through it to find the data you want to share with them.

You could compare things in a single DM, such as a brief summary of three apps with a link to each. You could provide tech support, by having enough room to write down detailed instructions.

Twitter could charge more for this service if they wanted, or could simply roll it out initially to their advertising partners as an additional benefit.


What do you think?

Is it time for Twitter to stop letting spammers hide their spam and send it to anyone that follows them? Would Twitter be more useful if your DM inbox had less spam, and was easier to use for collaboration? Leave a comment and let us know!

Twitter Suspending New Spammers Faster Than Ever

In 2012, changes made to Twitter’s spam account identification algorithm have been catching and suspending some new Twitter spam accounts more rapidly—sometimes much more rapidly—than in 2011.

More users than ever before are reporting that as fast as they can check new accounts that appear to be spam, they have already been suspended. This sometimes creates confusion, as Twitter does not always report “Account Suspended” but sometimes “Account Does Not Exist,” leading to the question “If they don’t exist, how did they follow and tweet me?”

Despite the occasional confusion, this is a great achievement, as Twitter is working to put in place a system that stops spam in realtime as it happens. Eventually, Twitter’s goal is to predict spam before it happens.

New Twitter Spam Network Driving People Nuts

There has been a new wave of spam these last few days, so I thought I’d again talk a bit about the tactics spammers use on Twitter.

Why is it that many Twitter users see lots of spam come in over 3-7 days or longer and then mostly disappear?

This is because spammers try to send out a LOT of spam all at once over a few days, rather than spreading their efforts out over longer periods. That way, once Twitter starts to catch them, they’ve already sent out a lot of spam.

Their basic principle is to try to spam as many people as possible as quickly as possible before Twitter catches on and can effectively auto-suspend accounts. The idea is that the more spam you send out quickly, the more people in total you will reach. But spammers have been getting better and better at pushing the limits on Twitter’s system of catching them, and sometimes now new spam networks can push for a couple of weeks before being well shut down.

As Twitter begins to figure out what kind of system and tweets are being used to send the spam, and starts to suspend the spamming accounts faster and faster, it becomes harder to get the new kind of spam through. After a bit, the spam network will stop sending out that particular kind of spam, and begin preparing for their next big push, using what they have learned to try to create methods of propagating spam that are harder to detect.

Stopping spammers is not as easy as you might think

One reason it’s tough is that there are many networks, some with several thousand spam accounts, and many of these accounts are set up to act like real people. These “fake users trying to appear real” only send out small amounts of spam so they can’t easily be caught and get suspended. With the push of a button, the network operator can start to move spam out through these thousands of real-seeming accounts, each sending perhaps one or two a week.

There are many other approaches spammers take as well, depending on particular goals. A spammer might burn (allow to be suspended) a large group of accounts if they need to send a lot of spam out in a hurry, perhaps to try to make a certain link be counted highly by sites that track the popularity of links across social networks. Trying to create a trending topic would be another example of trying to get something counted and promoted.

What makes it particularly difficult is that whatever Twitter does to stop spam, spammers take note of, and do less of it. It’s a cat-and-mouse game where spammers can keep trying new things once old methods stop working as well.

Twitter is upgrading their spam blocking

Twitter has said they are preparing to move to a preventative system that stops spam before it appears, but that they are still working to keep Twitter running well, and don’t have enough engineers in total to do everything. So yes, eventually, Twitter’s goal is to predict spam before it happens.

How to report someone for spam on Twitter

Do it impersonally. Give them no more thought than you do when you close a door behind you.

(If you want to read Twitter’s how-to page on spam reporting, go here.)

Why be impersonal?

Because you shouldn’t let Twitter bots and jerks mess with your attitude.

If you feel all righteous about it, you’re getting into rant mode. If you feel bad or uncertain, you’re creating a “cognitive load” where there should not be one. And there are lots of folks who need to be reported. But do be careful that you’re not reporting someone whose account was hijacked. (How to help them instead of reporting them.) And realize that reporting someone for spam also blocks them from following or tweeting you again.

So just do it!

What to do when you see a hijacked account alert

You’ve probably seen one of these kinds of messages before:

Here is a list of all the most recent #Alerts about hijacked accounts. So, what happened? Why are these tweets being sent out? What should you do?

Someone you follow had their account hijacked

When you receive one of these tweets or DMs, it is from a hijacked account. This is NOT regular spam. You should let the person know they have been hijacked, and that their account is sending out messages without their knowledge.

Send them a tweet like this:

Your account may have been hijacked. Check to see if it is sending messages you didn’t write, and read

For more information, read “Is your follower a spammer…or a hijacked account?”

How the latest hijackings work

While there are many ways Twitter hijackers and spammers can try to fool you, currently, in July-November 2011, the main method the hijackers are using is this: When you click the link, you are taken to what appears to be a Twitter login page, but is not.

If you enter your password on one of these fake login pages, the hijacker will take over your account. The first thing they usually do is to begin sending out spam tweets or DMs from your Twitter account, trying to hijack other accounts. Tens of thousands of accounts have likely been hijacked.

What to watch out for

You must read the URL in your browser before logging into There are many variations of fake URLs such as “” or “ltwitter/twitter-login” and many more.

Do not be fooled by a page that looks exactly like The page will look normal, except for the URL.  If it doesn’t say // at the beginning of the URL, it is NOT! While your browser will make the top of the page look slightly different from mine (you may have icons and bookmarks or favorites, for example), the URL is what counts.

Here are the only two kinds of pages that are real. Look closely at the URL. Both have // at the beginning:

If you were logged into, and suddenly find yourself logged out, watch out! You are probably still logged in and have just reached a fake phishing page trying to steal your password.
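One way to automate the URL check described above, as an added example that is not part of the original post. The trusted host (twitter.com), the https-only rule and the sample URLs are assumptions of this example; the lookalike hosts are constructed on the reserved .example domain.

```python
from urllib.parse import urlsplit

# Assumption of this example: the only host allowed to show a login form.
TRUSTED_LOGIN_HOSTS = frozenset({"twitter.com"})


def _mismatch_reason(host, trusted_hosts):
    """Explain why an untrusted host might still look right at a glance."""
    for good in sorted(trusted_hosts):
        brand = good.split(".")[0]
        if host.endswith("." + good):
            return "subdomain of a trusted host that is not on the allow-list"
        if host.startswith(good + "."):
            return "trusted name used as a prefix of another site's host"
        if brand in host:
            return "brand name embedded in a different host"
    return "host is not a trusted login host"


def check_login_url(url, trusted_hosts=TRUSTED_LOGIN_HOSTS):
    """Return (ok, reason) for the address-bar URL of a page asking for a password."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        return False, "user@host form hides the real host"
    if not host:
        return False, "no host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "non-ASCII or punycode host"
    if host not in trusted_hosts:
        return False, _mismatch_reason(host, trusted_hosts)
    return True, "host matches"


# Constructed sample URLs (lookalikes use the reserved .example TLD).
SAMPLE_URLS = [
    "https://twitter.com/login",
    "http://twitter.com/login",
    "https://ltwitter.example/twitter-login",
    "https://twitter.com.login.example/",
    "https://twitter.com@login.example/",
    "https://login.example/twitter.com/login",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        ok, reason = check_login_url(u)
        print(f"{'OK ' if ok else 'BAD'} {u}  ({reason})")
```

The check compares the parsed host exactly, which is why a trusted name appearing in the path, in the user@ part or as a prefix of a longer host does not pass.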

How does TweetSmarter know which tweets are from hijacked accounts?