Users on Twitter have been receiving messages purporting to be from “Twitter Support” urging them to act quickly to avoid suspension, often even from users with a blue check. But these are almost certainly scams — here’s what to look out for, and what it would look like if Twitter actually needed to contact you.
First, it should just be mentioned as a general rule that any message from anyone you don’t know on any platform you use should be viewed with suspicion. Do not follow any links or instructions, and if you’re at all unsure, take a screenshot and send to a friend for help!
On to today’s problem: DM spam.
This type of trick goes by various names depending on what the scammers are after. It might be garden variety phishing, and they’re trying to trick you into divulging personal or financial information. But it could be a more sophisticated, long-term plan to get access to high profile accounts.
The springboard method
It works like this: first you do a bit of spray-and-pray style messaging to get a few people to click through to one of many methods of getting their credentials, whether it’s social engineering (“Please verify your current password”) or a fake app (“Please update Tw1tter”) or some more serious device-level takeover. This nets the scammers control over a handful of real people’s accounts.
Using these accounts, they spam DMs further, using the accounts’ legitimacy to mask their nefarious doings. This nets them more accounts, and if they’re lucky, they’ll springboard to higher profile ones, like a verified account the user follows who has their DMs open.
Once they have taken over a blue check account, they might change the name to something like “Urgent Support” and start sending out legitimate-looking warnings to the no doubt thousands of followers such a user will have.
Here’s how to spot a scam and protect yourself. One message a TechCrunch reporter received today from a verified account went as follows:
Twitter Support | Violation
We’ve detected a lot of suspicious login attempts on your account lately.
We care about the security of verified accounts.
Your account will be suspended within 24-48 hours for security reasons. If you are not doing this, you must submit an appeal form to us so that your account is not suspended and we can review it.
[link to innocuous looking non-Twitter domain]
In any case, we will contact you again through this channel.
Thank you for your understanding,
Twitter Help Account.
A lot of people will see the verified account, a bit of boilerplate-looking warning text, and just hit the link. How should they know what a Twitter suspension warning looks like? They’re not internet sleuths, and frankly they shouldn’t have to be in order to keep their account safe, but this is the reality of social media today.
Fortunately it’s very easy to spot a scam, and you can protect yourself with the following steps.
How to spot a scammy DM
First, there are a couple red flags with the message itself.
Twitter will never contact you via DM for account issues. This type of communication is generally done via the email associated with the account. Think about it: if Twitter thinks a scammer might have taken over your account, are they doing to DM that account? Nope — they have a secure line to your email that only they know about. “If we contact you, we’ll never ask for your password & our emails will be sent from https://twitter.com/ / https://e.twitter.com only,” a Twitter rep said. If you do get a text, it will come from 40404.
The sender is not Twitter. Again, Twitter wouldn’t use this channel to begin with, but the message doesn’t even come from them. If you looked at the person’s profile, you’d find they’re just some random person, or “egg” as we used to call them.
The link goes somewhere you’ve never heard of. Of course it doesn’t have to go to scam-links.xxx to be suspicious! Links in any message, DM or email or even online can be and often are designed to be misleading. This link to twitter.com actually goes to Google, for instance. Only follow links in messages or emails you know are authentic — if you’re not sure, don’t do it!
The language is kind of off. Not everyone will pick up on this, but on a close reading it’s clear this is probably not by a native English speaker — and a Twitter communication in English would surely be in clear, error-free language. It’ll be the same in other languages — if you notice something weird, even if you can’t be sure, that should set off alarm bells!
So what should you do if you get a message that looks scammy? The safest thing is to ignore and delete. If you want, you can report it to Twitter using the directions here.
Protect yourself with two-factor security
The single best thing you can do to protect against scams like this is to turn on two factor authentication., sometimes called 2FA or MFA (multi-factor authentication). We’ve got a whole guide for it here:
2FA will be in your Twitter security settings, and in the security settings for lots of your other online apps and services as well. What two-factor authentication does is simply check directly with you via a secure “authenticator” app that asks “are you trying to sign into Twitter?” If you see that message and you’re not signing into Twitter, something’s up!
When you do want to sign in, it will ask you for a number generated by the authenticator app that only you can see, or sometimes via text (though this method is being phased out). These numbers should only be entered at the login screen and never, ever told to anyone else.
If you have 2FA enabled, then even if you accidentally give some login info to a scammer, when they try to log in it will check with you to make sure. This is an incredibly helpful thing in today’s dangerous cybersecurity environment!
That’s all – now you and anyone you care to tell won’t get scammed on Twitter this way. If you want to further boost your cybersecurity prowess, check out our Cybersecurity 101 series.