Beware of Twitter Direct Message (DM) Spam and Scams

Have you ever received a "Direct Message" in Twitter with a link in it? Stop and think twice. You might not want to click on it. The link might be spam. Or worse, it may be a phishing scam.

This is not new. These kinds of spam have been around since Twitter's inception. They are known as "Twitter Direct Message Spam" or "Twitter Direct Message Scams". Instead of "Direct Message", we often use the abbreviation "DM".

If you Google these phrases, you will find lots of articles trying to help Twitter users become aware of such frauds and annoyances. However, if you are a new Twitter user, you may not be aware of them, how they work, and what their purpose is. This article will explain all this to you in full detail. More importantly, it will show you how to spot such spam and scams so that you do not click on these nefarious links.

Twitter Direct Message (DM)

First, let's explain what a Twitter "Direct Message" is. Any Twitter user that you are following can send you a "Direct Message", or a DM. If you are not following the person, they cannot send a direct message to you.

However, just because you have received a DM from, say, your friend, it does not necessarily mean that your friend actually sent that message to you. Your friend's Twitter account could have been hacked by spammers or compromised by a computer virus.

If the direct message that you received is some spammy link, then most likely that is the case. You should inform your friend that his/her account has been hijacked to send spam and that he/she should change the password immediately. He/she may not even be aware. You might also want to report the spam to Twitter.

When a person sends you a direct message, Twitter will email you a notification that you have received a direct message. The email may look like this ...

Twitter Direct Message scam

This Direct Message is a Scam

In this case, this direct message is a scam. It was not sent by the person as claimed. It was sent by a spammer or a computer virus who wants you to click on the scam link. Whatever you do, DO NOT click on the link.

This is a classic example of a scam message. Note the misspelled word "viddeoo" in the scam message. Whenever you see misspellings, you should become more suspicious.

There are two possibilities:

1. The spammer constructed an email that looks like a Twitter notification, hoping that you will be fooled and click on the link.

2. Someone that I am following on Twitter has been hacked. A spammer is using his/her account to send out Twitter direct messages to his/her followers.

In this case, it is the latter. The majority of cases take that form, where a Twitter account has been compromised.

The Direct Message in Twitter

I can tell that this was a direct message sent through the Twitter system, because when I log into my Twitter account and go to my Direct Messages page ...

To go to Twitter Direct Messages page

I see that same scam message within the Twitter system ...

So clearly, the message came from the account of someone that I am following. If the problem persists, consider unfollowing the Twitter account that is sending out spam. Again, if you are not following an account, it cannot send you a DM.

Now, I am sure that person is not in the habit of sending spam. That is because I do not randomly follow people. And I do not use tools to auto-follow. I vet the people I follow to see if they have worthwhile tweets before I follow them.

Why You Should Never Auto-Follow

To avoid getting too much of this Twitter DM spam, it is best not to "auto-follow". Spammers will intentionally follow you so that you auto-follow them back. Spammers want you to follow them because that is the only way they can send you a Twitter DM.

So don't auto-follow. Twitter itself does not have such a feature, but there are tools that auto-follow for you.

What Happens if You Click on the Spam Link

If you inadvertently click on a spam or scam link, any number of things can happen depending on the spammer's intention.

At best, it will take you to some sales page and encourage you to buy something, sign up for something, or do something that will make the spammer a bit of money. Don't buy it.

At worst, the link installs some malware or virus on your computer. Always keep an updated copy of antivirus / antimalware software running on your machine.

Just as bad is when it turns out to be a phishing scam and your password or credit card number is stolen.

Or it can be anything else nefarious that spammers come up with next.

Phishing Scams

Let's talk about phishing scams. The word is like "fishing" and pronounced that way too, but spelled with "ph".

Phishing is when spammers attempt to acquire your username and password, or even your credit card number, by masquerading as a trustworthy, familiar site (such as Facebook or Twitter).

For example, if the message was a phishing scam, the link might take you to a site that looks exactly like Twitter. But if you look carefully at the URL web address in your browser, it is not the correct URL for Twitter. Always check the web address in your browser.

But if you are not careful, you might think it is Twitter, and what you see is a username and password login. Well, if you type in your username and password on this fake Twitter site, then they have just stolen your username and password.

With phishing, if you clicked on the link and landed on the fake site, but did not type in any username, password, or credit card number, then most likely you are safe.

Phishing is exactly one of the ways in which Twitter accounts have been hacked or compromised. Once a spammer has hijacked a particular Twitter account, they can use it to send out more scam direct messages to more people. Of course, spammers may boost efficiency by using computer scripts and viruses so that they don't have to do all this manually.
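As an added illustration (not part of the original article), the JavaScript below applies the "check the web address" advice to a link before it is opened, using the same URL parsing rules browsers follow. The TRUSTED list, the function names and the verdict strings are assumptions made for this example.

```javascript
// Added example: is this link really on a site I trust?
// TRUSTED is an assumption: the two sites the article names.
const TRUSTED = ["twitter.com", "facebook.com"];

// Levenshtein edit distance, used to catch near-miss typo domains.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + cost);
      prev = tmp;
    }
  }
  return row[b.length];
}

function classifyLink(link) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parsing, the rules browsers follow
  } catch (e) {
    return "invalid";
  }
  if (url.protocol !== "https:") return "suspicious: not https";
  // In "https://twitter.com@host/", twitter.com is only a username; you land on host.
  if (url.username || url.password) return "suspicious: userinfo before host";
  const host = url.hostname.replace(/\.$/, "");
  const labels = host.split(".");
  if (labels.some((l) => l.startsWith("xn--"))) return "suspicious: punycode host";
  for (const good of TRUSTED) {
    if (host === good || host.endsWith("." + good)) return "genuine: " + good;
  }
  for (const good of TRUSTED) {
    // The trusted brand appears inside somebody else's domain name.
    if (host.includes(good.split(".")[0])) return "lookalike of " + good;
    // The last two labels are within two edits of the trusted name.
    if (editDistance(labels.slice(-2).join("."), good) <= 2) return "lookalike of " + good;
  }
  return "unrelated";
}
```

A "genuine" verdict only says the host name is right; it says nothing about what the page on that host does.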

Has Your Twitter Account Been Hacked?

OMG! What if you had clicked on the scam link and had in fact entered a username and password on what you thought was Twitter or Facebook?

Stop reading this and go change your passwords immediately.

Have Spammers Been Using Your Twitter Account?

One way to see if spammers have been using your Twitter account is to check your direct messages page in Twitter. Do you see any messages that you had not composed yourself?

Here is an example where I sent a direct message to a Twitter follower...

If you expand the conversation arrow, you can see better whether this message was sent from your Twitter account or whether it was received by your Twitter account.

See how the text bubble shows that it was sent from my Twitter avatar. That means that the message was sent from my Twitter account.

If you see messages sent from your Twitter account that you did not write, then for sure your account has been hijacked and is being used by spammers to send spam messages.

If you do not see any messages sent from your Twitter account, that does not necessarily mean that spammers are not using it. They could have covered up their tracks by deleting the sent messages.

Deleting DMs

See how, when I hover my mouse over the side of the message, a trash can icon appears. When I click on the trash can icon, a red button appears asking me to confirm deletion of the message.

Once deleted, it cannot be undeleted. And there is no history or trace of the message.

By the way, if you received spam messages, make sure you delete them so that you do not accidentally click on the link. Delete your Twitter notification email as well.

Facebook Scams

Many people use the same password for Facebook and Twitter. So if a spammer gets your password for one, they have the password for the other.

In the scam message in our example, the link appears to go to Facebook. And it could very well be a fake Facebook with a login page phishing for my username and password.

Another possibility is that it could be the real Facebook site. Because Facebook allows API access, Facebook apps and such, spammers can get really creative. So any number of things can still trick you even if the link goes to the real Facebook site.

For example, the Twitter link may be a link to a profile page on the real Facebook, which then redirects you to a fake Facebook-like page and then does the phishing scam. Or the link to Facebook may run a script that posts things on your Facebook wall -- provided that you are currently logged into Facebook.

It might be a good idea to log out of Facebook (or Twitter, for that matter) whenever you are not using it. That way, if a link takes you to Facebook in an attempt to run some script, it cannot affect your Facebook account because you are logged out.

Or it could be any of the Top 10 Facebook scams. Or anything else. Just be careful.

Twitter Apps Can Also Send Out Spam

Twitter Apps can also send out Twitter DM spam. Twitter Apps are applications that you allow to control your Twitter account (including sending out Tweets).

You can see a list of applications and what permissions they have over your Twitter account by going into Twitter settings -> Apps. You can then revoke access of these apps.

What are some scammy messages?

Scammers use different messages to entice you to click on the link. The messages are designed to arouse your curiosity, but they tend to follow certain themes.

Some of the messages might be in these forms ...

  • what are you doing in this video
  • somebody is saying horrible things about you
  • you are in this video
  • found you in this funny picture
  • is this you in this picture?
  • check this out... it's a funny blog post. you're mentioned in it
  • you didn't see them taping you
  • you seen what this person is saying about you
  • are you aware of some bad rumors someone is making
  • bad blog going around about you
  • someone posting pic of you all over twitter
  • you have to check this out

and so on ...
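The themes above, together with the earlier "viddeoo" misspelling tip, can be turned into a simple screening check. The JavaScript below is an added example, not part of the original article; the theme groupings, the function names, the scoring and the two sample messages are assumptions constructed for illustration.

```javascript
// Added example. THEMES groups the sample lures listed above; every word in a
// group must appear for the theme to match. The grouping is this example's assumption.
const THEMES = {
  "you are in a video or picture": [["you", "video"], ["you", "picture"], ["you", "pic"], ["taping", "you"]],
  "someone is talking about you": [["saying", "about", "you"], ["rumors"],
    ["horrible", "things"], ["blog", "about", "you"], ["mentioned"]],
  "bare curiosity hook": [["check", "this", "out"]],
};
const KEYWORDS = Object.values(THEMES).flat(2);

// Collapse runs of a repeated letter so "viddeoo" and "video" compare equal.
const squash = (word) => word.replace(/(.)\1+/g, "$1");
const SQUASHED_KEYWORDS = new Set(KEYWORDS.map(squash));

function inspectDm(text) {
  const linkPattern = /https?:\/\/\S+/gi;
  const links = text.match(linkPattern) || [];
  const words = text.replace(linkPattern, " ").toLowerCase().match(/[a-z']+/g) || [];
  const seen = new Set(words.map(squash));
  const themes = Object.keys(THEMES).filter((name) =>
    THEMES[name].some((group) => group.every((w) => seen.has(squash(w)))));
  // A word that matches a lure keyword only after squashing was stretched or misspelled.
  const stretched = words.filter((w) => SQUASHED_KEYWORDS.has(squash(w)) && !KEYWORDS.includes(w));
  // One point each for: carries a link, matches a lure theme, contains a stretched keyword.
  const risk = (links.length ? 1 : 0) + (themes.length ? 1 : 0) + (stretched.length ? 1 : 0);
  return { links, themes, stretched, risk };
}

// Constructed samples (not real messages); example.test is a reserved domain.
const SAMPLE_SCAM = "what are you doing in this viddeoo http://example.test/abc";
const SAMPLE_BENIGN = "Thanks for the follow! Lunch on Friday?";
```

A score of 2 or 3 is a reason to ask the sender through another channel before clicking; a low score does not prove a message is safe.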


8 comments

penlady 4 years ago from Sacramento, CA

This is so informative. My Twitter account was hacked a while back. Horrible experience. I was still new to Twitter and didn't know what was going on until someone told me I had been hacked and what to do.

Why do people have to be so evil in doing mess like this? You'd think they'd find something more productive to do on the internet than hack other people's Twitter accounts!

Voted up, useful, and tweeted. Thanks for creating.


BlissfulWriter 4 years ago Author

Thanks for tweeting my article.


alocsin 4 years ago from Orange County, CA

I've never had much luck with Twitter, so I don't use it often. But thanks for warning me what to watch out for. Voting this Up and Useful.


BlissfulWriter 4 years ago Author

Thanks for the vote up.


assimilated 4 years ago

Nice hub. I wasn't totally aware of all the methods you described.

I'm not using Twitter very excessively but I'm beginning to like it so your tips might be handy someday (hopefully not) :-)


BlissfulWriter 4 years ago Author

By writing this hub, I hope more people will become more aware of the methods used by spammers.


MarleneB 4 years ago from Northern California, USA

I see those spammy messages, but fortunately I never click on them. I don't use Twitter too much, but I think now after reading your hub I should go check out my Twitter account to see if it has been hacked or something. Thank you. Your information is very helpful.


CraftytotheCore 3 years ago

Thank you for this! This morning I just noticed I had some inappropriate hate comments in my rarely used twitter account. There must have been 50 of them dating back 2 years. I never noticed them before because I'm not on all that much. Most of them were saying things such as they had found bad photos of me and were posting them all over the internet or I should check out the nasty rumors people are spreading about me. How sick!
