How to Avoid Twitter Phishing Scams

Posted Monday, November 23, 2009

I’m a sucker.

There. I admitted it.

Like thousands of Twitter users, I got “phished.” I’m a fairly savvy Internet user, and I’m really, really careful about the links I click.

But this scam reeled me in, hook, line, and sinker. I figure that if I got phished, you may have, too. So as a public service, I’m offering up tips about Twitter phishing scams and how you can avoid them.

What is phishing?

Phishing is the attempt to steal your personal data (such as passwords, account numbers, or financial information) by masquerading as a trustworthy person or business in a seemingly official communication.

How do Twitter phishing scams work?

The current Twitter phishing attack sends a Direct Message to you – seemingly from one of the people you follow. The DM contains a friendly message such as “I found a funny picture of you – check it out” and a link to said picture.

Another popular phishing message I just received came from a best-selling author with whom I’m acquainted. It says:

“hey can you do me a favor? take this iq test. here;”

When you click the link, it takes you to a page that looks just like your Twitter login page. When you log in to what you assume is your account, you hand the phishers your password.

The phishers then send the same DM (from you) to everyone who follows you.

And then your followers un-follow you in droves.

If you get phished, how do you fix it?

I fell for this scam because I received a DM from a follower whom I know personally. I clicked the link without giving it a second thought, not noticing (until it was too late) that the link didn’t follow the typical bit.ly, tinyurl.com, or ow.ly condensed link formats.

Fortunately, several of my followers notified me immediately that they were receiving strange DMs from me (the DMs did NOT show up in my Twitter account’s “Sent” tab).

I immediately changed my password and that stopped the DMs that appeared to be coming from me.

Only problem was that some of MY followers clicked the link that I supposedly sent them, and they got phished, too. I started receiving fake DMs from them.

…and the cycle continues.

How to protect yourself
  • The best way to protect yourself from Twitter phishing is to avoid clicking links in DMs you receive. If you’re not sure whether the link is legit, e-mail or DM the person who sent it. That way, if they’re getting phished, you’ve just alerted them to the scam, as well.
  • If you do get attacked, log out of your Twitter account, clear your browser cache, and shut it down. Then re-open your browser and change your password. Use a different password!
  • Delete the spammy DM from your Direct Messages folder so you aren’t tempted to click it again.
  • If you have time, notify the person you received the spam DM from that they’re under phishing attack. Advise them to change their password.
  • A helpful tip I found on TwiTip suggests checking your application preferences to see who you’ve allowed to access your account. Click on Settings > Connections. If you’re not sure whether the application is legit, click “Revoke Access” and then re-install each application.
  • I also posted a notice on my Twitter account and on my blog, letting folks know I’d gotten phished and advising them not to click any DM links from me. That was a smart move – several of my followers replied right away, thanking me for notifying them and assuring me they weren’t going to un-follow me.
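The two checks the post describes (the link didn’t use one of the usual condensed-link services, and the landing page only looked like Twitter’s login page) can be automated before anyone clicks. The script below is an added example, not code from the original post: it pulls links out of a DM, allows Twitter itself and the shorteners the post names, flags hostnames that imitate twitter.com (twitter.com as a prefix of a longer domain, "vv" for "w", credentials before an "@"), and treats every other host as something to verify with the sender first. The allowlist, the constructed DM text and the ".example"/".test" hostnames are assumptions for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist for this example: Twitter itself plus the condensed-link
# services the post names as the usual ones. Extend it for your own use.
TRUSTED_HOSTS = {"twitter.com", "bit.ly", "tinyurl.com", "ow.ly"}

# Undo a few common look-alike substitutions (0 for o, 1 for i) before comparing labels.
_CONFUSABLES = str.maketrans({"0": "o", "1": "i"})

# Links as they typically appear inside a DM, with or without a scheme.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>)]+", re.IGNORECASE)


def parse(url):
    """Parse a URL, tolerating a missing scheme. Returns None if it cannot be parsed."""
    if "://" not in url:
        url = "http://" + url
    try:
        return urlsplit(url)
    except ValueError:
        return None


def is_trusted(host):
    """True for a trusted host or a real subdomain of one (login.twitter.com),
    but not for a host that merely starts with one (twitter.com.example.test)."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def looks_like_twitter(host):
    """True if any label of the hostname resembles 'twitter' once simple
    substitutions such as vv->w or 1->i are undone."""
    for label in host.split("."):
        folded = label.translate(_CONFUSABLES).replace("vv", "w")
        if "twitter" in folded:
            return True
    return False


def classify_dm_link(url):
    """Classify one link found in a DM. Returns (verdict, reason)."""
    parts = parse(url)
    if parts is None or not parts.hostname:
        return "suspicious", "unparseable URL or no hostname"
    if "@" in parts.netloc:
        # http://twitter.com@example.test/ : the browser goes to the host after '@'
        return "lookalike", "credentials before '@' hide the real host"
    host = parts.hostname.rstrip(".").lower()
    if is_trusted(host):
        return "trusted", host
    if looks_like_twitter(host):
        return "lookalike", host + " imitates twitter.com"
    return "unknown", host + " is not a known link service; verify with the sender"


def scan_dm(text):
    """Extract every link in a DM and classify it."""
    return [(u, classify_dm_link(u)) for u in URL_RE.findall(text)]


if __name__ == "__main__":
    # Constructed DM modelled on the "iq test" message quoted in the post.
    dm = ("hey can you do me a favor? take this iq test. here; "
          "http://twitter.com.iq-test.example/login")
    for link, (verdict, reason) in scan_dm(dm):
        print(verdict, link, "-", reason)
```

A "trusted" verdict only means the hostname is one you already use; a shortener can still redirect to a fake login page, so the post’s advice to confirm unexpected links with the sender still applies.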
Helpful articles from other bloggers:

Categories : Ask the Barista, Twitter
