Every now and then, Twitter seems to get hit by what we in the business call “phishing” attacks. This is where your Twitter account is taken over by a remote source that sends out links via your profile (often by direct message) which in turn infect other accounts.
The first rule is of course not to click on any suspicious looking links. Unfortunately it’s not always easy to tell but if you are sent something that looks a bit odd, send a message back and ask if it’s legitimate. If you don’t get a response, chances are, it’s a phishing attack.
Along with phishing, there are a few other exploits that can lead to your account falling into the hands of other parties. The result is usually the same; your account being used to do things not sanctioned by you.
If you’re unfortunate and you do find your account hijacked, it’s not the end of the world as long as you act quickly. Follow the steps below and you should be OK.
1. Change your password
To change your Twitter password, log into Twitter as normal; then click on the gear icon in the top right corner, click “Settings“.
On the left hand side of the page, click “Password“.
On the password page, fill in the form as directed to change your password.
2. Revoke application rights
Remaining in the settings area, as directed above, click “Apps” on the left hand side of the page.
On the right hand side of the page you will see a list of applications that you have given permission to access your Twitter account.
From the list on the right hand side of the page, identify any app that you DO NOT use and click the “Revoke access” button for that app.
It is better to err on the side of caution here and revoke anything you don’t recognise. You can’t break anything. The worst that will happen is that if you revoke the access rights to something you do use, you will be asked to re-authenticate next time you use it.
If you can’t even log in to your Twitter account, click on “Forgot password” under where you put your login details, then put in your email address as requested. This will email you a password reset request. Follow the instructions therein to reset your password, then proceed to step 2 above.
If for some reason you still can’t seize control of your account, you will need to contact Twitter support. Follow the link on the password reset page.
Feel free to ask in the comments below if there’s anything you’re not sure of.