ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Beware of Twitter Direct Message (DM) Spam and Scams

Updated on August 19, 2012

Have you ever received a "Direct Message" in Twitter with a link in it? Stop and think twice. You might not want to be clicking on it. The link might be a spam. Or worst, it may be a phishing scam.

This is not new. These kinds of spam have been around since Twitter's inception. These are known as "Twitter Direct Message Spam" or "Twitter Direct Message Scams". Instead of "Direct Message", the we often use the abbreviation "DM".

If you Google these phrases, you will find lots of articles trying to help Twitter users become aware of such frauds and annoyances. However, if you are a new Twitter user, you may not be aware of them, how they work, and what their purpose is. This article will explain all this to you in full detail. More importantly, it will show you how to spot such spam and scams so that you do not click on these nefarious links.

Twitter Direct Message (DM)

First let's explain what is a Twitter "Direct Message". Any Twitter user that you are following can send you a "Direct Message", or a DM. If you are not following the person, they can not send a direct message to you.

However, just because you have received a DM from say your friend, it does not necessarily mean that your friend actually sent that message to you. Your friend's Twitter account could have been hacked by spammers or compromised by a computer virus.

If the direct message that you received is some spammy link, then most likely that is the case. And you should informed your friend that his/her account has been hijacked to send spam. And that he/she should change password immediately. He/she may not even be aware. And you might also want to report the spam to Twitter.

When a person send you a direct message, Twitter will email you a notification that you have received a direct message. The email may look like this ...

Twitter Direct Message scam
Twitter Direct Message scam

This Direct Message is a Scam

In this case, this direct message is a scam. It was not sent by the person as claimed. It was sent by a spammer or a computer virus who wants you to click on the scam link. Whatever you do, DO NOT click on the link.

This is an classic example of a scam message. Note the misspelling of the word "viddeoo" is in the scam message. Whenever you see misspellings, you should become more suspicious.

There are two possibility....

1. The spammer constructed an email that looks like an Twitter notification. Hoping that you be fooled and click on the link.

2. Someone that I am following on Twitter has been hacked. Spammer is using his/her account to send out Twitter direct messages to his/her followers.

In this case here, it is the latter. And the majority of the cases are in that form where an Twitter account has been compromised.

The Direct Message in Twitter

I can tell that this was a direct message sent though the Twitter system. Because when I log into my Twitter account and go to my Direct Messages page ...

To go to Twitter Direct Messages page
To go to Twitter Direct Messages page

I see that same scam message within the Twitter system ...

So clearly, the message came from the account of someone that I am following. If the problem persists, consider unfollowing the Twitter account that is sending out spam. Again, if you are not following, then they can not send you DM.

Now, I am sure that person is not in the habit of sending spams. That is because I do not randomly follow people. And I do not use tools to auto-follow. I vet the people I follow to see if they have worthwhile tweets before I follow them.

Why You Should Never Auto-Follow

To avoid getting too many of these Twitter DM spam, it is best not to "auto-follow". Because spammer will intentionally follow you so that you can auto-follow them back. Spammers want you to follow them because that is the only way they can send you a Twitter DM.

So don't auto-follow. Twitter itself does not have such a feature, but there are tools that auto-follow for you.

What Happens if You Click on the Spam Link

If you inadvertently clicked on a spam or scam link, any number of things can happen depending on the spammers intention.

At best, it will take you to some sales page and encourage you to buy something, sign up for something, or do something that will make the spammer a bit of money. Don't buy it.

At worst is when the link installs some malware or virus on your computer. Always keep an updated copy of antivirus / antimalware software running on your machine.

Just as bad is when it turns out to be a phishing scam and your password or credit card number is stolen.

Or it can be anything else nefarious that spammers come up with next.

Phishing Scams

Let's talk about phishing scam. It is like "fishing" and pronounced that way too, but spelled with "ph".

Phishing is when spammer attempt to acquire your username and password or even credit card by masquerading as a trustworthy familiar site (such as facebook or twitter).

For example... If the message was a phishing scam, the link might take you to a site that looks exactly like Twitter. But if you look carefully at the URL web address in your browser, it is not the correct URL for Twitter. Always check the web addresses on your browser.

But if you are not careful, you might think it is Twitter and what you see is an username and password login. Well, if you type in your username and password to this fake Twitter site, then they have just stolen your username and password.

With Phishing, if you clicked on the link and landed on the fake site, but did not type in any username, passwords, or credit card, then most likely you are safe.

Phishing is exactly one of the ways in which Twitter accounts have been hacked or compromised. Now that spammer has hijacked a particular Twitter account, they can use it to send out more scam direct messages to more people. Of course, spammers may boost efficiency by using computer scripts and virus so that they don't have to do all this manually by hand.

Have Your Twitter Account Been Hacked?

OMG! What if you had clicked on the scam link and had in fact entered an username and password on what you thought were Twitter or Facebook?

Stop reading this and go change your passwords immediately.

Have Spammers Been Using Your Twitter Account?

One way to see if spammer have been using your Twitter account is to check your direct messages page in Twitter. Do you see any messages that you had not composed yourself?

Here is an example where I sent a direct message to a Twitter follower...

If you expand the conversation arrow, you can see better whether this message was sent from your Twitter account or whether it was received to your Twitter account.

See how the text bubble shows that it was sent from my Twitter avatar. That means that message was sent from my Twitter account.

If you see messages sent from your Twitter account that you did write, then for sure your account has been hijacked and are being used by spammers to send spam messages.

If you do not see any messages sent from your Twitter account, that does not necessarily mean that spammers are not using it. They could have covered up their tracks by deleting the sent messages.

Deleting DMs

See how when I hover my mouse over the side of the message, then a trash can icon appears. When I click on the trash can icon, a red button appears asking me to confirm the delete of the message.

Once deleted, it can not be undeleted. And there is no history or trace of the message.

By the way, if you received spam messages, make sure you delete them so that you do not accidentally click on the link. Delete your Twitter notification email as well.

Facebook Scams

Many people use the same passwords for Facebook and Twitter. So if spammer got your password for one, they got the password for the other.

In the scam message in our example, the link appears to go to Facebook. And it could very well be a fake Facebook with a login page phishing for my username and password.

Another possibility is that it could be the real actual Facebook site. Because Facebook allow API access and Facebook apps and such, spammer can get really creative. So any number of things can still trick you even if the link goes to the real Facebook site.

For example, the Twitter link may be a link to a profile page on the real Facebook, which then redirect you to a fake Facebook-like page and then do the phishing scam. Or the link to Facebook may run script that post things on your Facebook wall -- provided that you are currently already logged into Facebook.

It might be a good idea to log out of Facebook (or Twitter for that matter) whenever you are not using it. That way if a link takes you to Facebook in an attempt to run some script, it can not affect your Facebook account if you are logged out.

Or it could be any of the Top 10 Facebook scams. Or anything else. Just be careful.

Twitter Apps Can Also Send Out Spam

Twitter Apps can also send out Twitter DM spam. Twitter Apps are applications that you allow to control your twitter account (including sending out Tweets).

You can see a list of applications and what permissions they have over your Twitter account by going into Twitter settings -> Apps. You can then revoke access of these apps.

What are some scammy messages?

Scammer use different messages to entice you to click on the link. The message is designed to arouse your curiosity. But they tend to follow certain themes.

Some of the message might be in these forms ...

  • what are you doing in this video
  • somebody is saying horrible things about you
  • you are in this video
  • found you in this funny picture
  • is this you in this picture?
  • check this out... it's a funny blog post. you're mentioned in it
  • you didn't see them taping you
  • you seen what this person is saying about you
  • are you aware of some bad rumors someone is making
  • bad blog going around about you
  • someone posting pic of you all over twitter
  • you have to check this out

and so on ...

And here are more articles about Twitter spam as reported by other websites...


    0 of 8192 characters used
    Post Comment

    • CraftytotheCore profile image


      5 years ago

      Thank you for this! This morning I just noticed I had some inappropriate hate comments in my rarely used twitter account. There must have been 50 of them dating back 2 years. I never noticed them before because I'm not on all that much. Most of them were saying things such as they had found bad photos of me and were posting them all over the internet or I should check out the nasty rumors people are spreading about me. How sick!

    • MarleneB profile image

      Marlene Bertrand 

      6 years ago from USA

      I see those spammy messages, but fortunately I never click on them. I don't use Twitter too much, but I think now after reading your hub I should go check out my Twitter account to see if it has been hacked or something. Thank you. Your information is very helpful.

    • BlissfulWriter profile imageAUTHOR


      6 years ago

      By writing this hub, I hope more people will become more aware of the methods used by spammers.

    • assimilated profile image


      6 years ago

      Nice hub. I wasn't totally aware of all the methods you described.

      I'm not using Twitter very excessively but I'm beginning to like it so your tips might be handy someday (hopefully not) :-)

    • BlissfulWriter profile imageAUTHOR


      6 years ago

      Thanks for the vote up.

    • alocsin profile image


      6 years ago from Orange County, CA

      I've never had much luck with Twitter, so I don't use it often. But thanks for warning me what to watch out for. Voting this Up and Useful.

    • BlissfulWriter profile imageAUTHOR


      6 years ago

      Thanks for tweeting my article.

    • penlady profile image


      6 years ago from Sacramento, CA

      This is so informative. My Twitter account was hacked a while back. Horrible experience. I was still new to Twitter and didn't know what was going on until someone told me I had been hacked and what to do.

      Why do people have to be so evil in doing mess like this? You'd think they'd find something more productive to do on the internet than hack other people's Twitter accounts!

      Voted up, useful, and tweeted. Thanks for creating.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)