Just this weekend I had the first warning shot of how dangerous Twitter can potentially be to your reputation. And it wasn’t from accidentally posting offensive material, someone drunk using my computer at night, or any of the hundreds of other, slightly obvious, ways in which Twitter can be pretty harmful to the way people look at you. It was through accidentally spreading a bit of malware which, frankly, I hadn’t really considered to be too much of a risk.
On Saturday evening at around 10.30pm I got an SMS from a friend who follows us on Twitter (@mov8realestate) to tell me that it looked like our Twitter account had been hacked. He had just received a Direct Message (DM) from us, asking him to click on a link that Twitter marked as fraudulent. Fortunately I was on my way home after deciding to have a relatively early night, so I dashed to the computer, changed our passwords, and tweeted to let people know what had happened and to ask them not to click on any links that were apparently sent from us. How did it happen? Really simple…
I’d received a DM earlier in the day from somebody who we follow on Twitter and who I would have classed as the sort of person who wouldn’t ever send spam messages. It asked whether this was us in a photo, with a link to the photo. Sadly, the Twitter App on my iPhone didn’t flag the link as fraudulent in the same way as the web version of Twitter appears to have done for the people who informed me about all this. Long story short, by me clicking on the link and logging in to the @mov8realestate account, a Direct Message was sent, apparently from us to every one of our followers asking them in turn to click on the same fraudulent link that was sent to us.
So, what’s to be learned from this?
First, it’s very easy to fall prey to these things. With Twitter being limited to 140-character messages, it relies heavily on links to external websites, so you can’t be suspicious of every link; otherwise you’d never get the full benefit of using Twitter.
Second, and this is the biggest lesson learned, thank goodness we manage our own Twitter account! I know of many companies that engage external PR companies to operate their Twitter accounts. If something similar happened to a company using an external PR agency, how quickly could they have reacted and changed their password when they started getting SMS messages from their friends at 10.30pm on a Saturday night saying their account had been hacked?
Third, there are some dangers to using multiple ways of operating your Twitter account. If I’d been logged in to Twitter, using the web version, clicked on a link and been directed to the Twitter homepage as if I wasn’t logged in, I’d have been hugely suspicious and would have assumed it was a rogue site. However, I was using my iPhone Twitter App, didn’t see the URL of the website that I was directed to (which would probably have identified it as some sort of phishing site), and didn’t think twice about logging in because I wasn’t already logged in. Equally, the link wasn’t flagged as potentially fraudulent, which the website seemed to do.
It’ll certainly make me a lot more careful in future, and I got an apologetic message from the guy whose malware-infected Twitter client started all this in the first place but, when all is said and done, there is certainly some heightened level of danger to using a communication tool that relies for much of its fun and usefulness on shortened links to external websites. And I guess that’s a trade-off that we have to accept in using Twitter.