Twitter has seen a spate of spammy, scammy tweets proliferate through its network lately. It’s a good idea to arm yourself with a solid defense against these types of tweets, so you don’t accidentally click on a scammer’s link and find yourself embroiled in a battle against malware.
We’ve got five clues that you’re reading Twitter spam, so you can avoid being caught in the net.
Sophos’ digital security blog Naked Security has identified a number of new Twitter scams that have cropped up lately, including one that offers people a free iTunes gift card, another that claims to have the secret to making money online, and another that claims to get you the perfect “beach body”. They are sent via standard tweets, @replies, and Direct Messages, and can even appear to come from someone you trust.
Most Twitter scams seem to spam the network with messages that appear too-good-to-be-true in some way (that scandalous video of Justin Bieber? Nope, sorry, it’s just a scam), and then get users to click away from Twitter to a third-party website which either collects personal data, tries to get a credit card subscription, asks users to fill out a survey or even phishes for passwords.
In order to protect yourself from these types of scams, you’ve got to be able to identify what Twitter spam is so you don’t accidentally click it. Here are five features of Twitter spam that should sound the alarm:
Twitter spammers and scammers love stuffing their tweets with hashtags. You’ll often see three, four, sometimes even more hashtags in a single spam tweet. They often latch onto Trending Topics as well, whether or not those topics are hashtags. This puts the spam tweets in front of more people, who come across them when they click on the hashtags.
If you see a tweet with a bunch of hashtags thrown in – especially if those hashtags don’t really seem to be related to one another or to the content of the tweet – it’s likely spam. Don’t click!
Twitter and several third-party apps now allow you to preview links before you click them. Use this feature. It could protect you from some serious malware.
Spammers will often use a URL shortening service like goo.gl to cloak their malicious links in something that looks more benign. If you’re able to preview the links, do it, and make sure you’re only clicking through to domains that you trust.
Spammers will sometimes set up bots, fake or dummy accounts that tweet the scam over and over. These bots often look like real profiles, complete with avatar and bio, but they’re not.
Bots range from the sophisticated to the obvious, but you’ve got to have a pretty good nose these days to sniff one out. It’s best not to click links from an account that you aren’t familiar with or that you don’t trust, until you verify that it is a real person.
Out-of-character tweets from trusted accounts
On the other end of the scammer spectrum, even trusted accounts can, unfortunately, send out malicious links and spam.
Some third-party apps designed by scammers hijack the Twitter accounts of unsuspecting users who thought they were granting permission to a more innocent type of app, and then send periodic spam messages from those accounts, usually without the owners even being aware. This is a dangerous situation, but you can usually tell if a trusted account has been hijacked because it will begin sending out uncharacteristic tweets – sometimes sales-y in tone, filled with exclamation marks, or otherwise unlike the usual author. Let them know you think they’ve been hacked, and direct them to this Twitter help page.
Accounts only a few days old
Lastly, scammers will often set up multiple accounts when they begin their spam campaign, which provides an easy solution for avoiding their garbage: if an account is only a few days old, don’t trust it.
This might sound harsh, but it’s for your safety. New accounts are significantly more likely to be bots or dummy accounts. And if the account is actually a real person or brand, you’ll be able to trust them more after a few weeks of their tweeting.
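Three of the five clues above (hashtag stuffing, shortened links and very new accounts) can be checked mechanically. The sketch below is an added example, not code from the original article or from Twitter: the thresholds, the shortener hosts other than goo.gl, the function names and the sample tweets are all assumptions made for illustration.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlparse

# Assumed thresholds: the article says only "three, four, sometimes even more"
# hashtags and "a few days old", so 3 and 7 are illustrative choices.
HASHTAG_LIMIT = 3
NEW_ACCOUNT_DAYS = 7
# goo.gl is named in the article; the other shortener hosts are assumed additions.
SHORTENER_HOSTS = {"goo.gl", "bit.ly", "tinyurl.com", "ow.ly"}
HASHTAG_RE = re.compile(r"(?<!\w)#\w+")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def link_hosts(text):
    """Return the hostname of every http(s) link in the tweet, without 'www.'."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlparse(url.rstrip(".,!?)")).hostname
        if host:
            hosts.append(host[4:] if host.startswith("www.") else host)
    return hosts


def spam_clues(text, account_created, now):
    """List which machine-checkable clues a tweet trips (both datetimes tz-aware)."""
    clues = []
    # Strip links first so a '#fragment' inside a URL is not counted as a hashtag.
    if len(HASHTAG_RE.findall(URL_RE.sub(" ", text))) >= HASHTAG_LIMIT:
        clues.append("hashtag-stuffing")
    # A shortened link hides its destination, so it should be previewed first.
    if any(host in SHORTENER_HOSTS for host in link_hosts(text)):
        clues.append("shortened-link")
    if (now - account_created).days < NEW_ACCOUNT_DAYS:
        clues.append("new-account")
    return clues


NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)  # fixed "now" for repeatable runs
SAMPLES = [  # constructed tweets, not real data
    ("Free gift card!! #win #free #music #news http://goo.gl/example",
     datetime(2024, 1, 8, tzinfo=timezone.utc)),
    ("Slides from my talk are up: https://example.org/slides #infosec",
     datetime(2019, 5, 1, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for text, created in SAMPLES:
        print(spam_clues(text, created, NOW), "<-", text)
```

The other two clues, bot-like profiles and out-of-character tweets from trusted accounts, depend on knowing how an account normally behaves and are left to the reader's judgment here.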