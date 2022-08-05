

That message from 'Twitter Support' is almost certainly fake

Devin Coldewey

Users on Twitter have been receiving messages purporting to be from "Twitter Support" urging them to act quickly to avoid suspension, often even from users with a blue check. But these are almost certainly scams — here's what to look out for, and what it would look like if Twitter actually needed to contact you.

First, it should just be mentioned as a general rule that any message from anyone you don't know on any platform you use should be viewed with suspicion. Do not follow any links or instructions, and if you're at all unsure, take a screenshot and send it to a friend for help!

On to today's problem: DM spam.

This type of trick goes by various names depending on what the scammers are after. It might be garden variety phishing, and they're trying to trick you into divulging personal or financial information. But it could be a more sophisticated, long-term plan to get access to high profile accounts.

The springboard method

It works like this: first you do a bit of spray-and-pray style messaging to get a few people to click through to one of many methods of getting their credentials, whether it's social engineering ("Please verify your current password") or a fake app ("Please update Tw1tter") or some more serious device-level takeover. This nets the scammers control over a handful of real people's accounts.

Example of a scam DM from a hacked verified account.

Using these accounts, they spam DMs further, using the accounts' legitimacy to mask their nefarious doings. This nets them more accounts, and if they're lucky, they'll springboard to higher profile ones, like a verified account the user follows who has their DMs open.

Once they have taken over a blue check account, they might change the name to something like "Urgent Support" and start sending out legitimate-looking warnings to the no doubt thousands of followers such a user will have.

Here's how to spot a scam and protect yourself. One message a TechCrunch reporter received today from a verified account went as follows:

Twitter Support | Violation

Hello,

We've detected a lot of suspicious login attempts on your account lately.

We care about the security of verified accounts.

Your account will be suspended within 24-48 hours for security reasons. If you are not doing this, you must submit an appeal form to us so that your account is not suspended and we can review it.

[link to innocuous looking non-Twitter domain]

In any case, we will contact you again through this channel.

Thank you for your understanding,
Twitter Help Account.

A lot of people will see the verified account, a bit of boilerplate-looking warning text, and just hit the link. How should they know what a Twitter suspension warning looks like? They're not internet sleuths, and frankly they shouldn't have to be in order to keep their account safe, but this is the reality of social media today.

Fortunately it's very easy to spot a scam, and you can protect yourself with the following steps.

How to spot a scammy DM

Laptop virus alert. Malware trojan notification on computer screen. Hacker attack and insecure internet connection vector concept. Illustration of internet virus malware

Image Credits: MicrovOne / Getty Images

First, there are a couple red flags with the message itself.

  1. Twitter will never contact you via DM for account issues. This type of communication is generally done via the email associated with the account. Think about it: if Twitter thinks a scammer might have taken over your account, are they going to DM that account? Nope — they have a secure line to your email that only they know about. "If we contact you, we'll never ask for your password & our emails will be sent from https://twitter.com/ / https://e.twitter.com only," a Twitter rep said. If you do get a text, it will come from 40404.

  2. The sender is not Twitter. Again, Twitter wouldn't use this channel to begin with, but the message doesn't even come from them. If you looked at the person's profile, you'd find they're just some random person, or "egg" as we used to call them.

  3. The link goes somewhere you've never heard of. Of course it doesn't have to go to scam-links.xxx to be suspicious! Links in any message, DM or email or even online can be and often are designed to be misleading. This link to twitter.com actually goes to Google, for instance. Only follow links in messages or emails you know are authentic — if you're not sure, don't do it!

  4. The language is kind of off. Not everyone will pick up on this, but on a close reading it's clear this is probably not by a native English speaker — and a Twitter communication in English would surely be in clear, error-free language. It'll be the same in other languages — if you notice something weird, even if you can't be sure, that should set off alarm bells!
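
As an added illustration of the third red flag (example code, not part of the original article), this Python sketch reads the links in an HTML message and compares where each one really goes with what its visible text claims. The trusted-domain list, the reason labels and the sample message are assumptions constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("twitter.com",)  # assumption: domains treated as Twitter's own

def host_of(url):
    """Hostname a URL-like string really points at (userinfo and port dropped)."""
    try:
        return urlsplit(url if "://" in url else "https://" + url).hostname
    except ValueError:
        return None

def is_trusted(host):
    """Exact match or subdomain on a dot boundary; 'twitter.com.x.example' fails."""
    return bool(host) and any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Return [(href, [reasons])]; visible text counts as a domain only if it looks like one."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else None
        reasons = ["untrusted-destination"] if not is_trusted(real) else []
        if shown and shown != real and not (is_trusted(shown) and is_trusted(real)):
            reasons.append("text-mismatch")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample message; the .example host is a placeholder.
SAMPLE = ('<a href="https://www.google.com/">twitter.com</a> '
          '<a href="https://help.twitter.com/en">help.twitter.com</a> '
          '<a href="https://twitter.com@login.example/appeal">Appeal form</a>')
```

Calling `audit_links(SAMPLE)` flags the first and third links and passes the second; the third shows why the check parses the hostname rather than searching the URL for "twitter.com".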

So what should you do if you get a message that looks scammy? The safest thing is to ignore and delete. If you want, you can report it to Twitter using the directions here.

Protect yourself with two-factor security

The single best thing you can do to protect against scams like this is to turn on two-factor authentication, sometimes called 2FA or MFA (multi-factor authentication). We've got a whole guide for it here:

How two-factor authentication can protect you from account hacks

2FA will be in your Twitter security settings, and in the security settings for lots of your other online apps and services as well. What two-factor authentication does is simply check directly with you via a secure "authenticator" app that asks "are you trying to sign into Twitter?" If you see that message and you're not signing into Twitter, something's up!

When you do want to sign in, it will ask you for a number generated by the authenticator app that only you can see, or sometimes via text (though this method is being phased out). These numbers should only be entered at the login screen and never, ever told to anyone else.

If you have 2FA enabled, then even if you accidentally give some login info to a scammer, when they try to log in it will check with you to make sure. This is an incredibly helpful thing in today's dangerous cybersecurity environment!

That's all - now you and anyone you care to tell won't get scammed on Twitter this way. If you want to further boost your cybersecurity prowess, check out our Cybersecurity 101 series.

Cybersecurity 101: How to protect your online security and digital privacy
