Not every message dropped into your Twitter account is the real deal. Some are trying to phish for your details and break into your account.
Something a little bit different could be hitting the inbox of your social media account this week, as scammers try an old tactic in a slightly new way, phishing for logins and details on a social network they have zero control in.
It’s something we saw this week in Pickr’s editor’s own inbox, as scammers attempted to portray themselves to be one of Twitter’s support teams, when the reality is they’re anything but.
Arriving from the account “Feedback Team”, it’s a group trying to be seen as Twitter’s Support team, and given the 170K followers, seems to suggest at least some have fallen for the trick.
Reading the direct message sent by the scammers might explain why.
As a Twitter support team, we have received copyright complaints about some of the tweets you share on your account. We would like to inform you that if you do not provide feedback by following the link below, your account will be permanently suspended and your account will not be reopened unless the copyright holder withdraws this request.
But then there’s the link, and like all scams, it’s the first giveaway that something is wrong.
Always look at the website behind a link
While an untrained eye may not pick up that this message was a scam, the link is the obvious give-away, because much like how scammers can’t use a real company’s email in their scams, they also can’t host this scams on the real website. Often, they’ll try to use a similar domain that’s just different enough to make you think it’s the real deal, such as an extra letter the brain my disregard.
In this scam, the link to the so-called support item was clearly not on Twitter’s website, but rather “sites.google.com”, which may be on Google, but it’s free website space for people with a Google account. Think of it as space anyone can use, not an official Google site. Also, Twitter isn’t made or owned by Google, so part of this ruse is defeated when you realise that.
For this scammer, the attempt appeared as a fairly basic phishing account, complete with the typical assortment of poor English we’re used to seeing from scammers.
“As an Twitter Team, we play close attention to the Community rules”, read one part of the page. “Login in your account,” read another. “Please write your Username and Password and click “Confirm Account” and fill the next form.”
Yep, the language is poor, and clearly not Twitter, but with over 170,000 followers, you have to wonder how many people have fallen for the trick.
Scams in your social aren’t new
The problem is that scammers going through your social media accounts isn’t new, and is actually called “social engineering”. The idea behind this ploy is to trick you into thinking the messaging is legit, often by pretending to be a large organisation (such as Twitter), or by creating a similar account to a real friend and using that seed to convince you of their legitimacy.
To beat these sorts of scams (and pretty much any other scam), pay close attention to the details of a message — of any message — and make sure you don’t just hand over details without thinking.
Phishing scams often work because we don’t ask questions for why the sort of information being requested is being called for.
With Twitter, the scam attempt is asking for your username and password, but Twitter’s support team doesn’t need your password to act on something like this if it were real. If it was, in fact, a real issue, Twitter would just tell you, rather than have you log in, as you’re already a part of its system.
These sorts of scams aren’t new, however, and Twitter has been dealing with them over email in the past. However, it seems as though your Twitter’s direct message inbox is a new battleground, and one you’d do well to stay aware of.