Users on Twitter have been receiving messages purporting to be from “Twitter Support” urging them to act quickly to avoid suspension, often even from users with a blue check. But these are almost certainly scams — here’s what to look out for, and what it would look like if Twitter actually needed to contact you.

First, as a general rule, any message from anyone you don’t know on any platform you use should be viewed with suspicion. Do not follow any links or instructions, and if you’re at all unsure, take a screenshot and send it to a friend for help!

On to today’s problem: DM spam.

This type of trick goes by various names depending on what the scammers are after. It might be garden variety phishing, and they’re trying to trick you into divulging personal or financial information. But it could be a more sophisticated, long-term plan to get access to high profile accounts.

The springboard method

It works like this: first you do a bit of spray-and-pray style messaging to get a few people to click through to one of many methods of getting their credentials, whether it’s social engineering (“Please verify your current password”) or a fake app (“Please update Tw1tter”) or some more serious device-level takeover. This nets the scammers control over a handful of real people’s accounts.

Example of a scam DM from a hacked verified account.

Using these accounts, they spam DMs further, using the accounts’ legitimacy to mask their nefarious doings. This nets them more accounts, and if they’re lucky, they’ll springboard to higher profile ones, like a verified account the user follows who has their DMs open.

Once they have taken over a blue check account, they might change the name to something like “Urgent Support” and start sending out legitimate-looking warnings to the no doubt thousands of followers such a user will have.

Here’s how to spot a scam and protect yourself. One message a TechCrunch reporter received today from a verified account went as follows:

Twitter Support | Violation

Hello,

We’ve detected a lot of suspicious login attempts on your account lately.

We care about the security of verified accounts.

Your account will be suspended within 24-48 hours for security reasons. If you are not doing this, you must submit an appeal form to us so that your account is not suspended and we can review it.

[link to innocuous looking non-Twitter domain]

In any case, we will contact you again through this channel.

Thank you for your understanding,
Twitter Help Account.

A lot of people will see the verified account, a bit of boilerplate-looking warning text, and just hit the link. How should they know what a Twitter suspension warning looks like? They’re not internet sleuths, and frankly they shouldn’t have to be in order to keep their account safe, but this is the reality of social media today.

Fortunately it’s very easy to spot a scam, and you can protect yourself with the following steps.

How to spot a scammy DM

First, there are a couple red flags with the message itself.

Twitter will never contact you via DM for account issues. This type of communication is generally done via the email associated with the account. Think about it: if Twitter thinks a scammer might have taken over your account, are they going to DM that account? Nope — they have a secure line to your email that only they know about. “If we contact you, we’ll never ask for your password & our emails will be sent from https://twitter.com/ / https://e.twitter.com only,” a Twitter rep said. If you do get a text, it will come from 40404.

The sender is not Twitter. Again, Twitter wouldn’t use this channel to begin with, but the message doesn’t even come from them. If you looked at the person’s profile, you’d find they’re just some random person, or “egg” as we used to call them.

The link goes somewhere you’ve never heard of. Of course it doesn’t have to go to scam-links.xxx to be suspicious! Links in any message, DM or email or even online can be and often are designed to be misleading. This link to twitter.com actually goes to Google, for instance. Only follow links in messages or emails you know are authentic — if you’re not sure, don’t do it!

The language is kind of off. Not everyone will pick up on this, but on a close reading it’s clear this is probably not by a native English speaker — and a Twitter communication in English would surely be in clear, error-free language. It’ll be the same in other languages — if you notice something weird, even if you can’t be sure, that should set off alarm bells!
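Two of these checks can be automated when triaging a reported message. The following is an added example, not code from the article or from Twitter: it flags links whose visible text names one host while the href goes to another, and tests a From address against the two sender domains the Twitter rep quoted. The sample HTML and the account-appeal.example domain are constructed placeholders, and the function names are hypothetical.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Sender domains quoted by the Twitter rep in the article.
OFFICIAL_SENDER_DOMAINS = {"twitter.com", "e.twitter.com"}
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample message body; account-appeal.example is a placeholder.
SAMPLE_HTML = (
    '<p>Submit an appeal: <a href="https://account-appeal.example/form">'
    "https://twitter.com/appeal</a> or read "
    '<a href="https://help.twitter.com/">twitter.com</a> help.</p>'
)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def sender_is_official(from_header):
    """Exact-match the From domain; a spoofed From can still pass this."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    return domain in OFFICIAL_SENDER_DOMAINS

def misleading_links(html):
    """Links whose visible text names a host that the href does not go to."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for text, href in parser.links:
        shown = HOST_RE.search(text)
        target = (urlsplit(href).hostname or "").lower()
        name = shown.group(1).lower() if shown else target
        if target != name and not target.endswith("." + name):
            flagged.append((text, target))
    return flagged
```

Links with generic text such as “click here” name no host and are not flagged by this check, so it complements rather than replaces looking at where a link actually goes.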

So what should you do if you get a message that looks scammy? The safest thing is to ignore and delete. If you want, you can report it to Twitter using the directions here.

Protect yourself with two-factor security

The single best thing you can do to protect against scams like this is to turn on two-factor authentication, sometimes called 2FA or MFA (multi-factor authentication). We’ve got a whole guide for it here:

2FA will be in your Twitter security settings, and in the security settings for lots of your other online apps and services as well. What two-factor authentication does is simply check directly with you via a secure “authenticator” app that asks “are you trying to sign into Twitter?” If you see that message and you’re not signing into Twitter, something’s up!

When you do want to sign in, it will ask you for a number generated by the authenticator app that only you can see, or sometimes via text (though this method is being phased out). These numbers should only be entered at the login screen and never, ever told to anyone else.

If you have 2FA enabled, then even if you accidentally give some login info to a scammer, when they try to log in it will check with you to make sure. This is an incredibly helpful thing in today’s dangerous cybersecurity environment!

That’s all – now you and anyone you care to tell won’t get scammed on Twitter this way. If you want to further boost your cybersecurity prowess, check out our Cybersecurity 101 series.
