I regretted clicking although nothing happened immediately. Minutes later I saw someone’s Facebook warning that the “is this you?” message was malware and you shouldn’t click on the attached link. I was annoyed at my stupidity and hoped nothing further would come of it. But when I checked the Internet on Friday morning it was obvious a lot more had come of it. What happens when you click on the link is your Twitter password is sent to the attackers, permitting them access to your account. According to Cashmore, your friends receive the same message shortly after, which will look like it was sent out by you. I didn’t send out the same message (as far as I can tell) but the one I did send was a classic in its own right.
Around 7am yesterday morning, about a hundred DMs were unleashed from my account. Twitter has now cleaned out all the messages from my sent folder; however, someone was kind enough to send me a screenshot of how it looked. In the message I was claiming to be “female/24/horny” and added “I have to get off here but message me on my windows live messenger name firstname.lastname@example.org”. It is unlikely that any of the messages would have fooled their recipients. They were all sent out complete with my name and headshot avatar, which makes it blatantly apparent I am neither female, 24 nor horny (unless by ‘horny’ they meant ‘scaly’).
I was unaware of this activity while munching my breakfast. When I logged on an hour later, I checked my emails and noticed a lot of Twitter DMs sent to me in return. These were all genuine DMs sent by friends who were either laughing at the absurdity of the message (if they knew me well) or warning me I was hacked (if they didn’t). When I logged on to Twitter there were many more messages.
“Just got a DM from @derekbarry that makes me think his account has been hacked.”
“Time to change your Twitter passwd. Ur sending our “interesting” DM spam. eg “..hi, i’m 24/female/horny…message me on my…”
“unless you are leading a secret double life someone is using your account for spam”.
“Derek, your account has been compromised. Unless you really ARE 24 and horny.”
“You don’t look like a 24yo horny female to me…. 🙂 I think you’ve been hacked!!”
“so u won’t hit any “is this you?” messages in future? 🙂 was caught by one back at Xmas. Mine sent out colonic irrigation tweets :P”
One person wrote to tell me he had received one of the female/24/horny messages but he also had been hacked and was “going nuts” about how to solve the problem. While I was sympathetic, this was not my reaction. I was momentarily embarrassed so much spam had been sent out in my name but looking at how absurd it was, I found it funny. It was also unwittingly the cause of more real interaction with people than I would normally have had if I’d been left alone.
I sent out a few Tweets apologising for the spam, joked about being scaly rather than horny and immediately changed my Twitter password. This got a lot of responses, most of which saw the funny side of what had happened. I hope my reputation in Twitter allowed me to turn a potentially nasty situation into one which people could laugh at. And as far as I know, no one stopped following me thinking I was a spambot.
Within a half hour, I got an email from Twitter saying they believed my account was compromised. They forced me to change my password again and hopefully I’m now clean until the next time I accidentally click on a safe-looking link. I say “next time” because despite increased wariness I’m convinced it will happen again. Spammers are becoming more adept at convincingly mimicking real behaviours – though they still leave a lot to be desired in matching physical attributes with the text!