Spam is probably Twitter’s biggest problem. 

But as it is now, instead of making it easy to identify the more spammy type of Twitter accounts, Twitter is actually hiding that information from you!

Hey, Twitter: Quit Protecting Spammers!

Wouldn’t you want to know before following someone if they spammed everyone that follows them with an advertising message?

But currently, if someone sends a DM spam to everyone that follows them, you have no way of knowing! And so you follow someone who seems nice…and you get spammed. Again.

If you follow someone, they can direct message (DM) you. If Twitter made the additional requirement that you must also have sent them a tweet at least once before they can DM you, DM spam would be cut way, way back.

This would mean spammers would be forced to send their spams by tweet instead of DM, and tweets can be seen publicly. So this is not only a spam prevention method, it’s a spam identification method. Spammers couldn’t hide their spam messages any more!

Alternatively, Twitter could simply add a “let them DM me” feature instead of making it automatic. But this would be confusing, and take a lot of effort if you had to do it for each person.

Dealing Five Large Setbacks To Twitter Spammers

This one simple change would have HUGE effects:

1. It would be much harder to hijack accounts. Right now, 99% of hijackings start as DMs that send you to a page that tries to trick you into entering your password (usually by looking like a Twitter login page). When someone you follow is hijacked, their accounts starts sending out these phishing DMs, trying to hijack accounts. In this scenario,  if they can’t DM you, they can’t hijack your account.
2. Spammers would be stopped cold from the tactic of following people, to get follow backs in order to send DM spam.
3. Spammers would get far fewer followers, because their spam messages would be seen publicly, instead of hidden as DMs. They could no longer pretend to be “just folks” publicly while sending tons of spam to everyone that follows them.
   This would send a big signal to Twitter’s spam-identification algorithm—spammers get fewer followers and are more visible due to needing to spam more publicly—so Twitter could suspend them faster.
4. One of spammers biggest sources of income would be hit hard, since the auto-follow, auto-DM software would no longer work. Currently, spammers create other spammers by selling this software, telling you to use it to auto-follow people, and then spamming the people that follow you back by DM.
5. Block automated spam DMs. Spammers create tons of Twitter accounts automatically, have them tweet automatically, and send their spam automatically by DM. This means one person can create thousands of spam accounts, but none of it works if they can’t send spam! While stopping auto-DMs doesn’t stop spam, for all the reasons listed above it makes spamming much, much harder to automate and profit from.

To the ignorant and greedy, Twitter has long looked like a spam paradise, because they can hide the spam they send so no one knows they are a spammer. Twitter needs to put a stop to this.

Make DMs Useful Again

Many long-time Twitter users publicly state that they don’t read their DMs, because they are so inundated with spam. @ChrisBrogan even said he would quit Twitter if Twitter didn’t let him unfollow everyone so he could get rid of all the DM spam.

And this wouldn’t change the way DMs are already useful: you connect with someone you follow via tweets, then you switch to DMs to continue your conversation. This would still work automatically, since you follow them and have sent them a tweet.

Spam is killing Twitter, DMs are badly broken, and Twitter needs to to act soon to fix things.

Make Twitter Twice As Useful

By putting spammers on the run by making DMs protected and useful again, Twitter could them use DMs to open up collaboration by allowing them to be longer than 140 characters.  This isn’t as radical as it sounds. Tweets would still be limited to 140 characters.

Why Even Twitter Won’t Use Twitter

If you make a support request to Twitter, they reply via email. Twitter is a communication system that not even Twitter wants to use when they have to collaborate with users! There’s a word for that: broken.

For the rest of use, to collaborate usually means exchanging private emails, and ends up splitting the collaboration: some of the information is on Twitter, some of it is in emails. By letting DMs run a little longer, people could keep their whole conversation on Twitter, and avoid the awkward security issue of whether to give out your email to someone.

A Wide Variety of Benefits

I regularly get 3-5 DMs in a row from people trying simply to explain a question they have. And the people that don’t often don’t include enough information for me to help them, and I have to ask for more information.

This would also make it easier to “attach” files. Now, you have to link to whatever files you want share, but the links use up the room needed for communication. By letting DMs be a little longer, you could include several links and still have room.

Test show that people rarely need more than 500 characters for emails (that is, if you limit them to 500, as the ShortMail service does, most people still get things done in one email). That is about the length of three-and-a-half tweets, and in my experience, would eliminate 99% of the multiple DMs we receive as @TweetSmarter when helping people.

It would also allow you to really share key content, instead of forcing people off to a link to search through an article. You could excerpt key points from a blog post, for example, without forcing people to go to a link and dig through it to find the data you want to share with them.

You could compare things in a single DM, such as a brief summary of three apps with a link to each. You could provide tech support, by having enough room to write down detailed instructions.

Twitter could charge more for this service if they wanted, or could simply roll it out initially to their advertising partners as an additional benefit.

Summary

What do you think?

Is it time for Twitter to stop letting spammers hide their spam and send it to anyone that follows them? Would Twitter be more useful if your DM inbox had less spam, and was easier to use for collaboration? Leave a comment and let us know!

In 2012, changes made to Twitter’s spam account identification algorithm have been catching and suspending some new Twitter spam accounts more rapidly—sometimes much more rapidly—than in 2011.

  More users than ever before are reporting that as fast as they can check new accounts that appear to be spam they have already been suspended. This sometimes creates confusion, as Twitter does not always report “Account Suspended” but sometimes “Account Does Not Exist,” leading to the question “If they don’t exist, how did they follow and tweet me?”

Despite the occasional confusion, this is a great achievement, as Twitter is working to put in a place a system that stops spam in realtime as it happens. Eventually, Twitter’s goal is to predict spam before it happens.

There has been a new wave of spam these last few days, so I thought I’d again talk a bit about the tactics spammers use on Twitter.

Why is that many Twitter users see lots of spam come in over 3-7 days or longer and then mostly disappear?

This is because spammers try to send out a LOT of spam all at once over a few days, rather than spreading their efforts out over longer periods. That way, once Twitter starts to catch them, they’ve already sent out a lot of spam.

Their basic principle is to try to spam as many people as possible as quickly as possible before Twitter catches on and can effectively auto-suspend accounts. The idea is that more spam you send out quickly, the more people in total you will reach. But spammers have been getting better and better at pushing the limits on Twitter’s system of catching them, and sometimes now new spam networks can push for a couple of weeks before being well shut down.

As Twitter begins to figure out what kind of system and tweets are being used to send the spam, and starts to suspend the spamming accounts faster and faster, it become harder to get the new kind of spam through. After a bit, the spam network will stop sending out that particular kind of spam, and being preparing for their next big push, using what they have learned to try to create methods of propagating spam that are harder to detect.

Stopping spammers is not as easy as you might think

One reason it’s tough is that there are many networks, some with several thousand spam accounts, and many of these accounts are set up to act like real people. These “fake users trying to appear real” only send out small amounts of spam so they can’t easily be caught and get suspended. With the push of a button, the network operator can start to move spam out through these thousands of real-seeming accounts, each sending perhaps one or two a week.

There are many other approaches spammers take as well, depending on particular goals. A spammer might burn (allow to be suspended) a large group of accounts if they need to send a lot of spam out in a hurry, perhaps to try make a certain link be counted highly by sites that track the popularity of links across social networks.  Trying to create a trending topic would be another example of trying to get something counted and promoted.

What makes it particularly difficult is that whatever Twitter does to stop spam, spammer take note of, and do less of it. It’s a cat-and-mouse game where spammers can keep trying new things once old methods stop working as well.

Twitter is upgrading their spam blocking

Twitter has said they are preparing to move to a preventative system that stops spam before it appears, but that they are still working to keep Twitter running well, and don’t have enough engineers in total to do everything. So yes, eventually, Twitter’s goal is to predict spam before it happens.

Do it impersonally. Give them no more thought than you do when close a door behind you.

(If you want to read Twitter’s how-to page on spam reporting, go here.)

Why be impersonal?

Because you shouldn’t let Twitter bots and jerks mess with your attitude.

If you feel all righteous about it, you’re getting into rant mode. If you feel bad or uncertain, you’re creating a “cognitive load” where there should not be one. And there are lots of folks who need to be reported. But do be careful that you’re not reporting someone who’s account was hijacked. (How to help them instead of reporting them.) And realize that reporting someone for spam also blocks them from following or tweeting you again.

So just do it!

You’ve probably seen one of these kind of messages before:

Here is a list of all the most recent #Alerts about hijacked accounts. So, what happened? Why are these tweets being sent out? What should you do?

Someone you follow had their account hijacked

When you receive one of these tweets or DMs, it is from a hijacked account. This is NOT regular spam. You should let the person know they have been hijacked, and that their account is sending out messages without their knowledge.

Send them a tweet like this:

Your account may have been hijacked. Check to see if it is sending messages you didn’t write, and read http://bit.ly/YouWereHijacked

For more information, read “Is your follower a spammer…or a hijacked account?”

How the latest hijackings work

While there are many ways Twitter hijackers and spammers can try to fool you, currently, in July-November 2011, the main method the hijackers are using is this: When you click the link, you are taken to what appears to be a Twitter login page, but is not.

If you enter your password on one of these fake login pages, the hijacker will take over your account. The first thing they usually do is to begin sending out spam tweets or DMs from your Twitter account, trying to hijack other accounts. Tens of thousands of accounts have likely been hijacked.

What to watch out for

You must read the URL in your browser before logging into Twitter.com. There are many variations of fake URLs such as “tvviter.com” or “ltwitter/twitter-login” and many more.

Do not be fooled by a page that looks exactly like Twitter.com. The page will look normal, except for the URL.  If it doesn’t say //Twitter.com at the beginning of the URL, it is NOT Twitter.com! While your browser will make the top of the page look slightly different from mine (you may have icons and bookmarks or favorites, for example), the URL is what counts.

Here are the only two kinds of pages that are real. Look closely at the URL. Both have //twitter.com at the beginning:

If you were logged into Twitter.com, and suddenly find yourself logged out, watch out! You are probably still logged in and have just reached a fake phishing page trying to steal your password.

How does TweetSmarter know which tweets are from hijacked accounts?

http://blog.tweetsmarter.com/twitter-downtime/why-some-hijacked-twitter-accounts-never-learn/

Got a Twitter email notification from Biz Stone (@biz)? It’s fake. Link takes you to malware—do NOT click. Here’s what the email looks like:

source

There are different approaches to take depending on how you encounter Twitter spam. Here are some links to the most important tips:

1. If it’s in your email;
2. If it’s a DM from someone you follow;
3. If it’s a tweet addressed to you from someone you don’t follow;
4. If you want to filter out and not see spam tweets
5. If you’re wondering how Twitter spam got out of control.

Also, here you can see what kind of messages have been coming from hijacked accounts, or go here to see the latest notifications from Twitter.

TIP: If you don’t know how, read http://bit.ly/ReportTwitSpam first.

As Twitter has gotten better and better at suspending spammers, spammers have both increased their efforts and adopted new tactics.

Newer Spam Tactics

Hijacked Twitter Accounts

The one you’ve probably noticed the most is suddenly getting spam from people you follow, people you trust.

What happened is that those people had their Twitter account hijacked, either by logging in at a fake Twitter page, or authorizing a bad app.It’s best if you can let them know they’ve been hijacked. Here are some typical messages from hijacked Twitter accounts. Other than those kinds of messages, there are a lot of ways you can be tricked into giving someone control of your Twitter account. One of the worst is if an employee of your business hijacks your Twitter account.

Fake Emails “From Twitter”

First, if you think you’ve gotten an email that appears to be from Twitter.com but looks suspicious, forward it to spoof@Twitter.com. You’re helping catch and stop the spammers.

Never open an attachment or install any software from an email that claims to be from Twitter; it’s FAKE. Also, Twitter will never email you, direct message you, or @reply you asking for your password.

Spammers Working Harder

There are a lot of ways spammers try to attack Twitter.com, and a lot of ways you can be fooled. Some spammers keep track of those that report spam on Twitter, and spam them less. So always be sure to report spam when you see it on Twitter! The accounts you report are automatically blocked from following or tweeting you again.

Twitter’s Increased Spam-Fighting Efforts

Twitter is currently reacting to spam as it happens. Reports from users are one of several flags that Twitter uses to either automatically suspend or manually check an account in question. Twitter is beginning to put in a place a new system that stops spam in realtime as it happens, though that hasn’t begun. Eventually, Twitter’s goal is to predict spam before it happens.

What Can You Do?

While the bad news is that Twitter’s two most important “stop spam” initiatives, realtime and predictive, haven’t started yet, the good news is that they are on the way!

It’s also good news that spammers are concentrating more on fooling users, because this means fighting back against spam is in our hands! We can help one another. For example, help people understand that Twitter will never ask you to download something or sign-in to a non-Twitter website.

The more each of us helps educate other users about best practices for keeping our Twitter accounts secure, the safer Twitter will be.

If you’re looking for tools to help you remove spammers you may be following, check out some of these:

1. Twit Cleaner,
2. TwitBlock,
3. StopTweet,
4. TwitSweeper
5. Send any DM to @optmeout (they will follow you back after you follow them)
6. http://lolquiz.com/optout
7. TidyTweet
8. TwitChuck
9. TwerpScan

Twitter says that…

• A tweet addressed to your Twitter account,
• That is an advertisement from someone you haven’t interacted with

…is spam

Another way to say it is: if you send me a tweet that is an ad, and it isn’t a response to something I tweeted about first, it’s spam.

When Twitter ads are spam

You might argue that any kind of ad is something you would consider as spam. While it might be highly unwanted, technically, just being an ad isn’t enough to make it spam.

At least that’s what I thought, until today when I used a Twitter search to find find tweets sent to me (my @mentions). I’m looking at

• Tweets addressed only to my Twitter account,
• And the first tweet is an advertisement from someone I hadn’t interacted with

So that’s spam, right?

Its an ad, we haven’t interacted, and I’m only looking at tweets sent to me. Nope: It was a “promoted tweet.” Just bad luck Twitter decided to put it on a page of tweets that were supposedly only sent to me.

I went through all the steps to mark it as spam before realizing that it wasn’t actually addressed to me. Then I noticed the tiny “Promoted by [username]” underneath.

Bad ad placement, Twitter: Don’t show me “promoted tweets” when I search for tweets sent to me.

By your own definition, that’s spam

And it gets worse…

Twitter has now begun removing the @mentions tab for all users, replacing it with two new options. This means that any Twitter that justs wants to see some of their @mentions has to use search (as I do)…and see ads in the tweets that are supposedly just to them

Here is a fake Email scam going around.

1. This is NOT a legitimate email
2. Is it NOT from Twitter
3. Do NOT click the link in the email

Here is a sample of what the email looks like: