15 Jan 2012

Twitter phishing alert II - next steps

I noticed and wrote about a phishing alert on Twitter a couple of days ago. Since then, many have still fallen for the trick and it has continued spreading. I got another DM yesterday, for example. How do you know if your account has already been hijacked, and what's next?

To check whether you have fallen prey, look at your tweets, i.e. the tweets posted by you on your own timeline, going back the past 40 tweets or so. Do you notice any tweet not posted by you or a known source? Also check your sent DMs. Anything unfamiliar? If there is, your account has been hijacked.

So what next? The first thing is to head to twitter.com and change your password. Hopefully, you haven't been locked out of your account already. This should return login control of your account to you. But that is not all. If they are using a third-party app or site to toy with your account, changing your password alone won't do the trick. You will have to cut off the apps' access as well. Head to dev.twitter.com/apps, look for apps you are not familiar with or did not authorize, and revoke them. Optionally, you can delete all the suspicious tweets that have been posted as you (too bad you can't delete the already sent DMs though).

Finally, be careful before you follow a link to any site and enter your login credentials. If the site is not twitter.com, don't. Again, don't give out your login details.
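"Is the site twitter.com?" has to be answered from the link's actual host, not from whether the text "twitter.com" appears somewhere in it. The following check is an added example, not code from the original post; the function name `checkLoginLink`, the HTTPS requirement, the acceptance of subdomains and the sample links are assumptions made for illustration.

```javascript
// Added example: decide whether a link really points at twitter.com
// before any credentials are typed into it.
const TRUSTED_DOMAIN = "twitter.com"; // the only site the post says to trust

function checkLoginLink(link) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser, the same rules browsers follow
  } catch (err) {
    return { safe: false, reason: "not a valid absolute URL" };
  }
  // Assumption: a login page must be served over HTTPS.
  if (url.protocol !== "https:") {
    return { safe: false, reason: "not HTTPS" };
  }
  // hostname is lower-cased and punycoded; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");
  // Text before '@' is userinfo, not the site: "twitter.com@other.example".
  if (url.username || url.password) {
    return { safe: false, reason: "text before '@' is not the host; real host is " + host };
  }
  // Assumption: subdomains of twitter.com are accepted as well.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { safe: true, reason: "host is " + host };
  }
  return { safe: false, reason: "host is " + host + ", not " + TRUSTED_DOMAIN };
}

// Constructed sample links (not taken from the phishing DMs themselves).
const samples = [
  "https://twitter.com/login",
  "https://mobile.twitter.com/session/new",
  "http://twitter.com/login",
  "https://twitter.com.login.example/session",
  "https://twitter.com@phish.example/login",
  "https://twltter.example/login",
  "https://nottwitter.com/login",
];
for (const link of samples) {
  const r = checkLoginLink(link);
  console.log((r.safe ? "OK   " : "STOP ") + link + "  (" + r.reason + ")");
}
```

Only the first two sample links pass; the rest are stopped because the trusted name appears only as a prefix, as userinfo, as a lookalike, or over plain HTTP.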

My name is Opeyemi Obembe. I build things for web and mobile. You should follow me on Twitter (@kehers).