Twitter Phishing Scam: Changing Your Password Might Not Be Enough

Alas, the Twitter phishing attacks continue. Today, many of my friends and followers have discovered that their IQs are higher than first thought (“Click here to take the quiz”) – which is hardly a surprise, given that yesterday they all figured out how to make $500 a day online.

(Can’t help but see a touch of irony in the fact that while conference and webinar attendees debate the appropriate ways in which lawyers and legal professionals may or may not use Twitter, on the ground, at first glance, it looks like they’re all making 500 bucks a day and “you can, too – just click here!”)

But that’s beside the point. If you are the victim of a Twitter phishing hack, definitely change your password. But I suspect that in some cases that might not be enough. After you’ve reset your password:

– Also go to your web-based Twitter account and click on the Settings link, top right of the page.

– Now click on the Connections tab that appears on the resulting “Settings” page.

– Scan the resulting list of apps that have permission to connect to your account.

Do any look dubious? Or, more specifically, look like uninvited guests? Click Revoke Access to untether that connection.

Acting with an abundance of caution, you might disconnect some of the apps you willingly selected last week, last month, last year – but you can always reconnect when you realize what you are missing. And in the meantime, we can all go back to wondering about each other’s IQs without actually knowing.
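Why the Connections check matters, as an added example that is not part of the original post: a toy model of a service where each connected app holds its own token, separate from the password. It assumes the service does not clear app grants on a password change; the class, method and app names are hypothetical and the data is constructed.

```python
import hashlib
import secrets


class ToyAccountService:
    """Constructed model: password login plus per-app access grants."""

    def __init__(self, password):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(password)
        self._grants = {}  # token -> app name (what a Connections tab would list)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 10_000)

    def login(self, password):
        return secrets.compare_digest(self._hash(password), self._pw_hash)

    def authorize_app(self, password, app_name):
        # Whoever knows the password can approve an app; the app gets a token.
        if not self.login(password):
            raise PermissionError("bad password")
        token = secrets.token_urlsafe(32)
        self._grants[token] = app_name
        return token

    def change_password(self, old, new):
        if not self.login(old):
            raise PermissionError("bad password")
        self._pw_hash = self._hash(new)  # assumption: grants are left untouched

    def app_can_post(self, token):
        return token in self._grants

    def connections(self):
        return sorted(self._grants.values())

    def revoke_access(self, app_name):
        doomed = [t for t, a in self._grants.items() if a == app_name]
        for t in doomed:
            del self._grants[t]
        return len(doomed)


def demo():
    svc = ToyAccountService("old-pass")
    wanted = svc.authorize_app("old-pass", "Desktop client")
    rogue = svc.authorize_app("old-pass", "IQ Quiz")  # added with the phished password
    svc.change_password("old-pass", "new-pass")
    after_reset = (svc.login("old-pass"), svc.app_can_post(rogue), svc.connections())
    revoked = svc.revoke_access("IQ Quiz")
    return after_reset, revoked, svc.app_can_post(rogue), svc.app_can_post(wanted)


if __name__ == "__main__":
    print(demo())
```

In this model the old password stops working after the reset, but the uninvited app keeps its access until it is revoked from the connections list.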

