If hackers strike, don’t be a phish out of water

Sue Llewellyn

Social media consultant and trainer. Twitter: @suellewellyn

On Thursday the BBC found itself a victim of Twitter hacking when a group calling itself the Syrian Electronic Army hijacked the official Twitter accounts of BBC Weather, BBC Arabic Online and BBC Radio Ulster.

This attack was the latest in a long line of hijackings of high-profile Twitter accounts. It’s not yet clear how the hackers gained control: whether it was a phishing scam like the type detailed below or whether the hackers managed to crack the passwords.

One of the most common ways that hackers gain access to accounts is via a DM (direct message) with a bogus link. The message comes from someone you follow and always says something about ‘you’.

The natural human inclination is to think 'what’s that about me?' and click on the link. You may be asked to confirm your password, but if you do this your account will be taken over, your followers sent the same DM, and nonsense will appear on your public timeline. It usually says something like: 'Serious about shedding a few pounds, read this, it’s interesting' - with a link.

The important point is never to click on links in a DM without asking the sender if they meant to send it to you. You should also warn them and suggest they change their password. Phishing attacks also come via email, so, once again, never click on suspicious-looking links.

Choosing a secure password in the first place is essential. Chris Hamilton, social media editor for BBC News, says: “If you can remember your password easily then it’s not strong enough.”

Here are a few tips for picking a good one:

  • It should not contain any words
  • It should be a mix of letters (upper and lower case) and numbers or symbols
  • It should be at least eight to 10 characters long
  • Use different passwords for each site
  • Change your password regularly
  • Restrict password access to as few people as possible