Direct Message Spam / Phishing Hacks

Account hijacking has been discussed for as long as the Internet has existed.  As long as there have been accounts, Internet and intranet sites and stored data, people have been breaking into them for various reasons.

In the social media space, most attacks on personal and corporate accounts aim at nothing more than harvesting account information to grow the attacker's own database of prospective targets for "cold call" messaging.

Often the first goal is to take over the victim's account and use it to send spam, frequently the very same Direct Message that hooked the victim, now sent to the victim's own followers.  The second is to sell that access so a third party can mass-message the public timeline.  And yes, there are many other motives, including some you won't see coming or going.

This is not the same as someone logging into your account with your actual password.  The first protection against that is a strong password.  (I suggest a minimum of 8 characters with a mix of letters, numbers and special characters, e.g. abC12#Zy.  Longer is stronger, and the password should not be reused on any other site.)

The following graphics show how these scams / hacks work and the steps you need to take if this ever happens to you.

In the graphic below, you can see some of the wording used to draw you into the scam.  It usually plays on things that demand your attention:

  • Reputation management
  • Ego
  • Vanity
  • Sentiment

Figure 1

Other successful campaigns have used wording along the same lines:

  • “This is the funniest picture I have ever seen of you”
  • “I can’t believe you said this, what were you thinking”
  • “After reading this, I’d like to discuss what we need to do next.”

You may or may not know the person who sent the message; the sender is frequently an account that has already been taken over in the same way.  Your name is never included, and the link you are asked to click is always hidden behind a URL shortener, so you cannot see where it really leads.

When you click the link, you will be taken to the following page, or one very like it.

Figure 2

Before clicking the link and entering my account information, I took a screenshot of my "Edit Profile" page.

In Figure 3, the settings menu ends at 'Design'; there is nothing after it.

Figure 3

Here is what the page looks like afterwards:

Figure 4

In Figure 4, a new 'Applications' entry has appeared.

Applications are third-party programs that you have authorized to act on your Twitter account.  Once authorized, an app can post and send messages as you without ever knowing your password, which is exactly what the spammers are after.  As discussed in your SM training, any time you authorize an app, it is good practice to review the list of authorized apps and make sure that only the ones you deliberately approved are there.

In Figure 5, I have blacked out the names and descriptions of the apps, but to the right of each app you can see the 'Revoke Access' button, which has been highlighted.

Figure 5

Click 'Revoke Access' to remove the app from your list.  Revoke every app you don't recognize, not just the one that appeared after the scam.

PARAMOUNT

If this ever happens to you, you must change your password, and in future don't click links in Direct Messages; just ignore them.  Do both steps: revoking the app cuts off the attacker's access through it, while changing the password covers the case where the page you typed into was a fake login page that captured it.

There is always an inherent risk in clicking blind links (ones that don't show the complete address).  Most links on Twitter are blind, and most cause no harm.  It is NEVER OK to enter your password after following one UNLESS you are actually authorizing an app, and even then only if the address bar shows you are on twitter.com itself; an address that merely contains the word "twitter" somewhere in it is the scammer's page, not Twitter's.
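The two checks above, whether a link is blind and whether the page asking for a password is really twitter.com, are easy to get wrong by hand, so here is a small Python triage script.  It is an added example and not code from the original post; the list of shortener hosts and the sample Direct Messages are constructed for illustration.  It parses the hostname properly instead of searching the URL for the word "twitter", which rejects look-alikes such as twitter.com.evil.example and the userinfo trick https://twitter.com@evil.example/.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed list of common URL shorteners (an assumption; extend it for your environment).
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly", "is.gd"}

# The only site that should ever receive your Twitter password.
TRUSTED_HOST = "twitter.com"

# Rough URL extractor for free-form message text.
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def hostname(url: str) -> Optional[str]:
    """Return the lower-cased hostname of an http(s) URL, or None.

    urlsplit().hostname drops the port and any userinfo, so the hostname of
    'https://twitter.com@evil.example/' is evil.example, not twitter.com.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return None
    return parts.hostname or None


def is_same_site(host: str, trusted: str = TRUSTED_HOST) -> bool:
    """True only for the trusted host itself or a subdomain of it.

    Matching on the label boundary rejects 'twitter.com.evil.example' and
    'nottwitter.com', both of which a plain substring test would accept.
    """
    return host == trusted or host.endswith("." + trusted)


def is_blind_link(url: str) -> bool:
    """A 'blind' link hides its real destination behind a shortener."""
    host = hostname(url)
    return host is not None and host in SHORTENER_HOSTS


def classify_login_page(url: str) -> str:
    """Classify the address of a page that is asking for your Twitter password."""
    host = hostname(url)
    if host is None:
        return "not-http"
    if host in SHORTENER_HOSTS:
        return "blind"            # you have not arrived anywhere yet
    if is_same_site(host):
        scheme = urlsplit(url.strip()).scheme.lower()
        return "twitter" if scheme == "https" else "twitter-not-https"
    if "twitter" in host:
        return "look-alike"       # the word is there, the site is not
    return "other"


def triage_dm(message: str) -> List[Tuple[str, str]]:
    """Extract every link in a Direct Message and classify it."""
    results = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;:!?)\"'")  # drop trailing punctuation from the message
        results.append((url, classify_login_page(url)))
    return results


if __name__ == "__main__":
    # Constructed sample messages modelled on the lure wording in the post.
    samples = [
        "This is the funniest picture I have ever seen of you http://bit.ly/x1y2z3",
        "I can't believe you said this, what were you thinking https://twitter.com.evil.example/login",
        "After reading this, I'd like to discuss what we need to do next. https://twitter.com/oauth/authorize",
    ]
    for text in samples:
        for url, verdict in triage_dm(text):
            print(f"{verdict:18} {url}")
```

Running the script prints one verdict per link: "blind" for anything still behind a shortener, "twitter" only for an https page on twitter.com or one of its subdomains, and "look-alike" for an address that contains the word but is not the site.  If you want to see where a blind link goes without rendering the page, issue an HTTP HEAD request and read the Location headers of the redirect chain; the destination host can then be fed to the same classifier.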

Authorizing a Legitimate App – What you will see

Figure 6

About Tim Burrows

Tim Burrows was a sworn police officer for 25 years with experience in front line operations, primary response, traffic, detective operations and supervision. He has training in a broad spectrum of policing responsibilities including, IMS, Emergency Management, computer assisted technology investigations, leadership, community policing and crisis communications. Tim is available to assist you with your social media program and communication. Click here to contact him http://bit.ly/ContactTimBurrows
This entry was posted in Tips.
