This is a guest post by Joe from New Customer Workshop. The New Customer Workshop helps local business owners master internet marketing in order to increase traffic into their stores.
Introduction
Over at the New Customer Workshop I talk a lot about how you can use Twitter to promote your local business and build a community of passionate customers.
Recently, I’ve noticed an increase in the amount of spam coming from businesses I follow on Twitter. The spam looks something like this:

Instead of showing me a funny photo of myself, the link will drop me on a website that tries to steal my Twitter account information.
These Tweets clearly weren’t sent by the Twitter account holder. Rather, the account was likely phished and now someone is sending Tweets using the hacked account.
A hacked Twitter account is more than just an inconvenience.
It can harm your brand.
You should treat the safety of your Twitter account like you would your store or home. Make sure it’s locked up tight and don’t give the keys to strangers.
It’s simple to do if you follow a few best practices.
Don’t Give Strangers Access To Your Account
Twitter has a rich ecosystem of tools built for managing Twitter lists, auto-tweeting, measuring your influence and more.
The dark side of this is that some unscrupulous tool vendors will steal your account information and use it to send Twitter spam through your account.
Recently a tool claiming to track Twitter stalkers was released.
This “tool” is fake and is used to steal account information.
That doesn’t mean you shouldn’t check out some of these great tools. Just be smart about who gets access to your account information.
First, make sure that the tool you are using isn’t doing anything to violate Twitter’s terms of service.
If the tool promises to give you thousands of followers, it’s probably not safe to use.
Second, do some diligence on the tools. If you find one that looks interesting, search for reviews on Growmap, Mashable or even just Google.
Finally, understand how the tools connect to your account. In order to work, most of these tools require some form of access to your Twitter account. This typically involves you granting permission through Twitter on behalf of the tool.

This is the preferred way to grant permissions. If a tool requires you to enter your username and password, avoid it. Once someone has access to your username and password they can connect to your account and send Tweets masquerading as you.
Are You Really Using Twitter?
Another tactic used to gain access to your account is to send you an official-looking email asking you to take some action on your account. When you click the “Twitter” link you are directed to a page that looks like a Twitter login form. This was the tactic employed in the Introduction.
Make sure you are actually on Twitter.com, not a site with a similar domain name that is close enough you might not notice! Your account information is stolen when you try to log in through these fake forms.
You can protect yourself by verifying that the URL of the Twitter page is actually twitter.com.

This video from Sophos shows how someone is tricked into giving their credentials to a fake Twitter website.
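The URL check described above, written out as an added example (it is not part of the original post). The function name `check_login_url` and the sample links are constructed for illustration, and the example assumes that only twitter.com and its subdomains count as the real site.

```python
from urllib.parse import urlsplit

# Assumption for this example: only twitter.com and its subdomains count
# as the real site.
TRUSTED_DOMAIN = "twitter.com"


def check_login_url(url):
    """Return (ok, reason) for a link that claims to lead to Twitter."""
    # Browsers and parsers can disagree on these characters, so refuse them.
    if "\\" in url or any(ord(c) < 0x21 for c in url):
        return False, "backslash, whitespace or control character in link"
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "link cannot be parsed"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host name"
    # Non-ASCII or punycode labels can imitate Latin letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host name: " + host
    # Everything before '@' is a user name, not the site being visited.
    if parts.username is not None:
        return False, "text before '@' is ignored; real host is " + host
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "host is " + host
    return False, "host is " + host + ", not " + TRUSTED_DOMAIN


# Constructed sample links (not taken from the post).
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/session/new",
    "https://twitter.com.account-check.example/login",
    "https://tvvitter.example/login",
    "https://twitter.com@login.example/session",
    "http://twitter.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_login_url(link)
        print(("OK      " if ok else "SUSPECT ") + link + "  (" + reason + ")")
```

The host is read from the right: a link whose host merely starts with or contains "twitter.com" is treated as a different site.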
Be Smart About Your Passwords
It’s important to use a strong password on any account related to your business. It’s equally important that you use a unique password for each account you hold. That way, if one account is compromised, the others are still protected. The problem with that advice is that it’s hard to remember a strong password, and it’s even harder to remember a different one for each site you use.
There are a couple of ways to solve that problem:
- The folks over at Lifehacker have a great article on how you can create strong passwords that you easily remember or you can use GrowMap’s password convention.
- You can also use a program like 1Password to store all of your passwords. Then you only need to remember one master password. The password manager can fill out the login forms for the websites you visit.
I actually use both suggestions and feel pretty confident that my online identity is safe.
WHAT TO DO IF YOUR TWITTER ACCOUNT GETS HACKED
Help, I Was Hacked!
Despite your best efforts, you may still have your Twitter account hacked.
There are two things you need to do immediately if you think your account was hacked:
- Log in to Twitter and change your password. This will hopefully prevent future attacks through your account.
- Tweet a message to your followers to let them know what happened. Tell them to ignore any Direct Messages from you and to not click on any links.
Conclusion
Twitter is a great tool for communicating with your customers. Unfortunately, there are many people who try to steal your account information in order to spread spam. You can protect your brand identity on Twitter by following the best practices described here.
Do you follow any other best practices to protect your accounts? I’d love to hear about them in the comments.
If you want more great tips on using Twitter for marketing your local business follow @NewCustomersNow on Twitter or sign up for the free New Customer Workshop newsletter.
NOTE FROM GROWMAP: Urgent PRIVACY WARNING for Internet Users >>> HAVE YOU SEEN THIS YET? New forensics tool can expose all your online activity:
“We’ve built a tool that can reconstruct where the user has been online, and what identity they used.”
The open-source software, Offline Windows Analysis and Data Extraction (OWADE), was launched at the Black Hat 2011 security conference and works with PCs running on the Windows operating system.
Making that public makes all of us more likely to be targeted by every digital thief in the world who will want to use it to steal credit card numbers and identities. I guess that shouldn’t surprise anyone since they launched it at a black hat conference.
There’s another good reason to use Linux. (I’m using Linux Mint and used Ubuntu for two years.) They may or may not get around to creating versions for Macs or Linux.








is important to promote local business with tools like twitter
Twitter: addisonskanks
September 23, 2011 at 5:46 am
It would also be great if you help in stopping these phishermen (lol). Whenever you see people you are following tweeting these spammy messages, alert them at once so that they can change their password as soon as possible. Do unto others what you want them to do unto you after all.

Twitter: grantlylynch
September 15, 2011 at 1:07 pm
Yes this happened to me about a week ago. The hackers sent me a tweet saying that there were lots of pictures of me all over Twitter. The link took me back to the Twitter login page. I avoided logging in on this page, but logged out and logged in on a different browser. But I had been hacked and all my followers got the same tweet from me saying that lots of photos of them were being posted over Twitter. I lost quite a few followers and upset lots of my friends and clients.
Twitter: y8zone
September 14, 2011 at 3:00 pm
I never thought this could be possible. I never knew some of these tricks. Thank goodness I read this article; I’ll be very careful from now on.
Twitter: career_journey
September 14, 2011 at 7:52 am
Hi,
Thanks for the info. Almost stepped in a trap the other day. They had put so much time into reconstructing the Twitter home page, which was scary.
I sent the link to the Twitter spam team but am not sure they do anything about it. Wasn’t sure what to do if I fell for it, so thanks for the advice.
Nik
Twitter: NewCustomersNow
September 14, 2011 at 8:10 am
Nik, glad I could help!
Great post. I have a rule that if I wasn’t following some steps or expecting to install an app, and I get to that “Authorize (software) to access Twitter account”, I always cancel. All the hackers need is a way in.
Now Twitter is also not safe. It’s really disgusting.
Thank you for making me aware of this fact. I will be aware from now onwards and will keep track of such tweets.
Twitter: Realityarts
September 13, 2011 at 4:48 am
You get this a lot with emails that say they are from a particular bank, or the tax department who have a refund for you and you should click a link to update your details. More recently I got an email from my ‘website administrator’ informing me that my account was over the limit and I had to click a link to access my domain details… This of course was a scam. Thanks for sharing the article.
Agree with you most of twitter users so such mistakes and represent their account to hackers for hacking their important and useful links and other information.
Twitter: euodiasuryani
September 12, 2011 at 9:58 pm
can twitter reply or post to our following twitter?
Twitter: kathy1959
September 12, 2011 at 1:07 pm
Ok, Joe… So now I’m officially paranoid!
I had signed up for an app about learning who “unfollows” me… I need to go over and change my password quickly.
One thing you said in response to a comment above is a very good idea; that is, to start ANOTHER account and follow yourself so you can find out who’s spamming followers using your id. Very clever!
Twitter: NewCustomersNow
September 14, 2011 at 6:13 am
Sorry to make you paranoid
At this point there really isn’t any reason that I know of why a Twitter service would need your account information rather than use OAuth.
Twitter: NewCustomersNow
September 14, 2011 at 9:56 am
Oh, one more thing. I’m using this app to check for unfollows. It uses OAuth so should be safe.
http://who.unfollowed.me
does it work? and did anything take over or send messages from your account?
Twitter: finallyfast
September 12, 2011 at 9:23 am
This is SO ANNOYING. My account was recently hacked by this system, the message was sent from a friend’s hacked account. I quickly fixed mine, but I noticed nearly HALF of my Twitter friends had the SAME exact phishing virus/spyware hack on their accounts! Outrageous.
Twitter: Deadmaddy5
September 11, 2011 at 6:51 am
Also keep an eye on your followers and if you see them sending automated tweets with weird URLs just block them for your safety and don’t click the URL they tweet.
Twitter: GrowMap
September 11, 2011 at 11:25 am
Hi Maddy,
If you block them do at least let them know why as it is quite possible that they are unaware their Twitter account has been hacked.
Twitter: esoftload
September 11, 2011 at 4:55 am
Thanks for the warning Joe, I too was introduced to similar types of tweets but luckily I didn’t care about them.
Twitter: btfb1
September 11, 2011 at 4:07 am
Oh my, now hackers are not leaving twitter accounts even. I don’t use any of the twitter tools unless I verify that they are secure for my account. Twitter is my third traffic source.