Feb 23, 2010

Businesses on Twitter – You Have One Extra Rule To Live By

Can anyone guess what that rule is? Drumroll please... you cannot randomly click on links sent to you in Direct Messages! I will explain why below. I am certain I could flesh this point out in greater detail and turn it into a full-blown how-to for businesses on Twitter. But for now, allow me to point out something very important to you.

If you are a business on Twitter, you actually have several extra rules that you must live by. You probably shouldn’t curse too much, call people names, fight with anyone, engage in even light racism, solicit sexual partners, fence stolen goods, or talk about how your farts smell.

And if you’ve hired a Social Media agency to handle your Tweets, you have to make sure they understand this as well. Anything an agency does for you, it does in your name. This should be second nature to them.

The pic below should illustrate how potentially jarring one small errant click can be. I received the following Twitter DM from a CPA firm. I blurred out their particulars just because it felt like the right thing to do. If I were to click on the link they sent me, it would commandeer my Twitter account and send a bunch of these links to a bunch of my followers. So someone handling the CPA firm’s Twitter account clicked on a similar link that they had received in a DM. It’s a standard Twitter phishing attack.

[Screenshot of the phishing DM received from the CPA firm (image hosted on TinyPic)]

Ultimately, does this reflect really poorly on the CPA firm? That’s debatable – if you’re new to Twitter and aren’t aware of these phishing attacks, you might receive this message and say, “WTF is with this CPA firm?” You might even unfollow them. But then I thought, the text of this attack is so outrageous that most people on Twitter “get it,” and therefore would not hold it against the sender. My guess is that this conservative CPA firm wishes that this had never happened!

Why, then, do these phishing attacks continue to work? Why have I received this exact DM over 50 times in the last two days? It’s because people keep clicking them! Note that all you have to do is click – with many of these phishing attacks, you do not have to provide your password – click, and they just steal it from you. Clever, isn’t it?

You wouldn’t think that one click could get you in this much trouble. But if you’re a conservative CPA firm, or an office supply company, or even a funny t-shirt website :-) , you cannot afford to besmirch your good name by falling victim to a phishing attack. (Full disclosure: months ago, I clicked on one of these. It sucked!)

I suppose this advice is applicable to all of the Twitterzens on Twitter, but it carries special importance for businesses with brands to protect – stick to business, and stop clicking on random links in DMs!

As I was completing this blogpost, I received the apology you see below. It came 90 minutes after I received the first offending DM. Out of the 50+ sex-related DMs I have received in the past two days, this is the only apology so far. I don’t need an apology, but these people obviously care about their business, and I applaud them for that.

[Screenshot of the CPA firm’s apology DM (image hosted on TinyPic)]