Twitter users have received messages claiming to be from “Twitter Support” urging them to act quickly to avoid suspension, often even from users with a blue check. But they’re almost certainly scams – here’s what to look for and what it would look like if Twitter really needed to contact you.
First of all, as a general rule, any message from someone you don’t know on any platform you use should be viewed with suspicion. Do not follow any links or instructions, and if you’re at all unsure, take a screenshot and send it to a friend for help!
Let’s move on to today’s problem: DM spam.
This type of trick goes by different names depending on what the scammers are after. It could be garden-variety phishing, where they try to trick you into disclosing personal or financial information. But it could also be a more sophisticated long-term plan to gain access to top-tier accounts.
The springboard method
It works like this: you first do a bit of spray-and-pray messaging to get a few people to fall for one of the many methods of harvesting their credentials, be it social engineering (“Please check your current password”), a fake app (“Please update Tw1tter”) or a more serious device-level takeover. This gives the scammers control of a handful of real people’s accounts.
Using these accounts, they send more spam DMs, hiding behind the legitimacy of the real accounts. This gets them more accounts, and if they’re lucky, they’ll reach better-known ones, like a verified account that the compromised user follows and that has DMs open.
Once they’ve taken over a blue-check account, they can change the name to something like “Urgent Support” and start sending legitimate-looking warnings to the thousands of followers such a user will no doubt have.
Here’s how to spot a scam and protect yourself. A message a TechCrunch reporter received today from a verified account was as follows:
Twitter Support | Breach
We have recently detected many suspicious login attempts on your account.
We care about the security of verified accounts.
Your account will be suspended within 24-48 hours for security reasons. If you do not, you must submit an appeal form to us so that your account is not suspended and that we can review it.
[link to innocuous looking non-Twitter domain]
In any case, we will contact you via this channel.
Thanks for understanding,
Twitter help account.
Many people will see the verified account and some boilerplate disclaimer text, and just click the link. How would they know what a Twitter suspension warning looks like? They’re not internet sleuths, and frankly, they shouldn’t have to be to protect their accounts, but that’s the reality of social media today.
Luckily, spotting a scam is very easy and you can protect yourself by following these steps.
How to spot a fraudulent DM
First, there are a few red flags with the message itself.
- Twitter will never contact you via DM for account issues. This type of communication is done via the email address associated with the account. Think about it: if Twitter thinks a scammer may have taken over your account, would they contact that account? No – they have a secure line to your email that only they know about. “If we contact you, we will never ask for your password and our emails will be sent from https://twitter.com/ / https://e.twitter.com only,” a Twitter representative said. If you receive an SMS, it will come from 40404.
- The sender is not Twitter. Again, Twitter wouldn’t use this channel to begin with, but the message isn’t even coming from them. If you looked at the person’s profile, you would find that it was just a random person, or “egg” as we used to call them.
- The link goes somewhere you’ve never heard of. Of course, the link doesn’t have to be something as obvious as scam-links.xxx for you to be suspicious! Links in any message, whether DM, email or a web page, can be and often are designed to be misleading. This link to twitter.com actually goes to Google, for example. Only follow links in messages or emails that you know are genuine. If you’re not sure, don’t!
- The language is a little off. Not everyone will pick up on this, but on a careful reading it’s clear that the writer is probably not a native English speaker – and an official Twitter communication in English would surely be in clear, error-free language. The same goes for other languages — if you notice something weird, even if you’re not sure, it should set off alarm bells!
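The two link-related red flags above (a link whose visible text names one site but whose destination is another, and a destination that is not one of the Twitter domains the representative listed) can be checked mechanically. The following is an added example, not code from the article or from Twitter; the sample links are constructed, and the allow-list is just the two hosts quoted in the article.

```javascript
// Added example (not from the article): classify a link in a DM or email by
// comparing its visible text with the host its href actually points to.
// Allow-list taken from the Twitter quote in the article: twitter.com and e.twitter.com.
const TRUSTED_HOSTS = new Set(["twitter.com", "e.twitter.com"]);

// Parse the host out of a URL or bare domain; returns null if it is not URL-like.
function hostOf(text) {
  const t = text.trim();
  if (!/^\S+\.\S+$/.test(t)) return null;          // must look like a URL/domain, no spaces
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(t) ? t : "https://" + t;
  try {
    return new URL(withScheme).hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return null;                                     // not parseable as a URL
  }
}

// Exact-match only: "twitter.com.example.xxx" or "twitter.com-support.xxx" must not pass.
function isTrusted(host) {
  return TRUSTED_HOSTS.has(host);
}

// Returns "trusted"  : destination host is on the allow-list,
//         "mismatch" : visible text names a host, but the href goes to a different one,
//         "untrusted": destination is not a listed Twitter domain (or not a valid URL).
function classifyLink(displayText, href) {
  const target = hostOf(href);
  if (target === null) return "untrusted";
  const shown = hostOf(displayText);
  if (shown !== null && shown !== target) return "mismatch";
  return isTrusted(target) ? "trusted" : "untrusted";
}

// Constructed sample links, modelled on the DM quoted in the article.
const SAMPLE_LINKS = [
  ["twitter.com", "https://www.google.com/"],                      // text says Twitter, goes elsewhere
  ["appeal form", "https://twitter-appeal-form.example/verify"],   // "innocuous looking non-Twitter domain"
  ["https://twitter.com/settings", "https://twitter.com/settings"],
  ["help", "https://twitter.com.example.xxx/"],                    // lookalike: prefix, not the real host
];

function classifyAll(links = SAMPLE_LINKS) {
  return links.map(([text, href]) => classifyLink(text, href));
}

console.log(classifyAll());
```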
So what should you do if you receive a message that looks fraudulent? The safest thing is to ignore and delete. If you want you can report it to Twitter by following the instructions here.
Protect yourself with two-factor security
The best thing you can do to protect yourself from scams like this is to enable two-factor authentication, sometimes called 2FA or MFA (multi-factor authentication). We have a full guide for that here:
2FA will be in your Twitter security settings, as well as the security settings of many of your other apps and online services. What two-factor authentication does is simply verify directly with you through a secure “authenticator” app that asks “Are you trying to log into Twitter?” If you see this message and aren’t logging into Twitter, something is up!
When you want to sign in, you’ll be asked for a number generated by the authenticator app that only you can see, or sometimes by text message (although this method is being phased out). These numbers should only be entered on the login screen and should never, ever be shared with anyone else.
If you have 2FA enabled, even if you accidentally give your login details to a scammer, Twitter will check with you when they try to log in. This is an incredibly useful thing in today’s dangerous cybersecurity environment!
That’s it – now you and anyone you want to talk to won’t get scammed on Twitter this way. If you want to further strengthen your cybersecurity prowess, check out our Cybersecurity 101 series.