On Twitter, there are people that will follow you then wait for you to follow them back. Once you’ve done so, they turn around and unfollow you.

Why?

Well, maybe they just didn’t like you. But, another reason is to build up a following. In fact, some marketers actually advise this practice! You see, it looks more impressive if the number of followers you have is far greater than the number of people you are following back. It makes you look popular, like you must be providing something of value to have that many followers.

But, it’s not a practice I agree with. Whether you’re into social networking or social marketing, I think this practice definitely omits the social part of it!

So, earlier this week, I asked my followers for their thoughts on this practice: “What do u think of ppl who follow u only to unfollow u once u’ve followed them back?”

Here were their thoughts:

@thekencook: has happened to me TWICE with @darrellissa - we talked about it on TwitterTuesdayRadio http://budurl.com/jckc (View Tweet)

@ETHOBULLION: I think it causes Twittrage… (View Tweet)

@furnituregirl: I think they no longer impact my life b/c I turned off follow notifications and only follow ppl who @ me (thx to @MackCollier) (View Tweet)

@ppasternak: Can’t stand it. Just went through my ‘following’ list to weed them out. (View Tweet)

@MarkDykeman: Rapid-fire tollow/unfollow Twits deserve to be boiled in oil. Or blocked. Blocking doesn’t incur jail time. (View Tweet)

@TotusMel: It is the ultimate in self-promoting, narcissistic, anti-social behavior. Truly appalling behavior. (View Tweet)

@JenWelton:My response: "Get a life…you’ve got WAY too much time on your hands." (View Tweet)

@DaveLopan: I think that they smell. (View Tweet)

@universidadperu: If twitter didn’t have their stupid limits, maybe that sort of behavior wouldn’t happen… (View Tweet)

@RandomAnecdotes: I think it’s rude, but I don’t notice them. I never really look at my followers and I only follow those I want to follow. (View Tweet)

@peteej: It’s annoying, like those people that speed ahead of you, only to slow down and make you pass them. (View Tweet)

@NicholaStott: not as bad as the people who say, I’m an expert in ‘X’, ask me any ‘X’ question… then fail to respond when you do! (View Tweet)

@colincavaliere: My top pet peve on Twitter, they help make this what is not supposed to be. (View Tweet)

@terencechang: it’s wasting time worry about that. I start following interesting ppl I like to follow regardless they follow me or not. (View Tweet)

@jerzegurl: I think ppl who unfollow you after you follow them.. are twitter trash. (View Tweet)

@Lakenvelder: I unfollow them. (View Tweet)

@CoryOBrien: Thats easy: I hate them. Stop using Twitter if it’s just some numbers game/one sided sales tool. (View Tweet)

@redwhiteandgrew: Depends on my mood. I follow most people who follow me with the hopes that it’ll help spread the word about what I’m working on. (View Tweet)

@lilnerdette:re: the follow/unfollow–it’s very disingenuous & if you’re that desperate to feel needed, go volunteer somewhere! (View Tweet)

@calebhays: I think it’s tacky and a horribly narcisstic approach to twitter. I think it’s underhanded. (View Tweet)

@HappyHourBoston:those people ar ejust looking for numbers…They wont get the ACTUAL VALUE out of TWITTER (View Tweet)

@apmex: Hmm…that is very strange. Sounds like they are trying to "game" the system. (View Tweet)

@chicagocarless: I think they’re dirty stinky piles of nosey-yet-noncommittal toothpaste poop. (View Tweet)

@IrishSmiley: I think that these people have a interesting way of handling a social media tool by being rather asocial with it. (View Tweet)

@HappyHourBoston: The beauty of Twitter is that you actually have to participate…if you dont you are nothing. So no point in playing games 4#s (View Tweet)

@totallytea: 2B honest, I don’t notice who unfollows whether or not I follow them. From a genl perspective, some ppl are just collectg numbers (View Tweet)

@mandreano: ppl who follow & unfollow should be repremanded. the limit to follow 2K should also limit to unfollow 5-10 a day to discourage it (View Tweet)

@davemunger: I don’t think following is a quid pro quo arrangement. I follow people I’m interested in and expect others to do the same (View Tweet)

@ joshdhaliwal: I question the logic of following those who follow U. My estimate is that only 1/10 ppl who follow me actually have interest in me (View Tweet)

@teeni: I think they were just looking to up their numbers. Unfollow them back. (View Tweet)

@tackgirl: I appreciated that they tried following and assume my content is just not relevant enought 4 them. (View Tweet)

@BLUETUX: - I suggest you just un-follow those people. If I un-follow someone, it’s usually because they spam their twitter feed. (View Tweet)

@tomcellie: I AM doing some mass following, I am NOT unfollowing & Re following. I will weed thru my list and unfollow the porn ppl etc. (View Tweet)

@Jan_Geronimo: - That’s rather unfortunate. They will never know what they’re missing. (View Tweet)

@JanisMiller: for me twitter is about the conversation. IMHO should be 2-way. I unfollow "in & out followers" - spammers - "egos" - porn - etc (View Tweet)

@sharonhayes: See my blog http://tinyurl.com/tgaming (expand) on gaming. Many ppl use it 2 get by following limits in effort 2 grow fast, seem "credible" (View Tweet)

@Eridanus I think they’re spammers playing the system. But in any case, I’ll only ever follow someone whose tweets I find interesting (View Tweet)

Those were their thoughts on the practice. What are yours?

If you use Twitter, sometimes you’ll come across a Twitter account that is purely spam.

Typically, you can recognize them as they will be following several hundred people (up to 2000 total), have few people following them, and have a single tweet that is a link to a site trying to sell you something.

When they hit the 2000 following limit, they set up a new account and start all over again.

Twitter is usually pretty good about finding and taking care of these spammers, but you may be able to expedite the process by notifying them when you see a spammer.

Right now, they’re making this pretty easy.

All you have to do is follow Twitter’s @spam account and wait for them to follow you back. Once they have followed you back, you can DM them with the user ID of the spammer.

They’ll check it out and suspend the account if it looks like a spammer.

If they don’t appear in your Direct Message popup menu, which is sometimes the case, especially if you have a lot of followers, don’t worry. Just go to your update window. To send them a direct message, start your tweet with “d” and a space, followed by “spam” like this: “d spam” adding another space before you start your message. You should notice the message above the text window change from “What are you doing?” to “Direct message spam:” right away. Compose your message, hit “send” and you’re done! Note that you do not need to use the “@” symbol when direct messaging.

Yesterday, I wrote about The Twitter Pyramid Scheme.

Today, I notice some suspicious things about it…

Following “tweetergetter” on Twitter Search, I can see that every few minutes, a new account signs up with Twitter. They’ll have a name, but no bio and no link to a website or blog. Their first tweet will be to promote TweeterGetter.com.

Are these new users signing up because they heard about Twitter through TweeterGetter? Perhaps it’s a possibility, but it doesn’t seem very likely to me.

These new users keep popping up every few minutes. It just strikes me as being very, very suspicious.

Also, I’ll occasionally see a user who hasn’t tweeted anything in months (and had only one or two non-substantive tweets to begin with, such as “Checking out Twitter!”) post a tweet about TweeterGetter. Am I to believe they haven’t used Twitter in months but suddenly had an interest in doing so, and signed up with TweeterGetter? Again, maybe, but it just doesn’t seem likely to me.

I can’t prove anything and I don’t have any special insight or evidence, but my gut feeling is that these accounts are being created to boost follower numbers for TweeterGetter. Again, I don’t have any proof or anything; this is just my opinion.

At the moment, the pace of new accounts seems to have dwindled down. If these are all fake accounts, as I suspect most of them probably are, maybe the person creating them had something else to do. In searching, I found more such accounts created yesterday, and others created the day before. Since joining and posting their TweeterGetter message, they haven’t tweeted since, haven’t added an avatar, haven’t added a bio and haven’t added a link to a website or blog they run.

Don’t take my word for it. Search for “tweetergetter” on Twitter Search yourself, and look for the accounts without avatars and check them out for yourself.

What do you think is going on? Are these potential “dummy” accounts really worth having as followers?

This past week, there has been a new scheme on Twitter to gain more followers.

It’s called TweeterGetter. If you’re on Twitter, you’ve probably seen a number of messages from people talking about getting 19,530 new followers in 30 days.

Some people think that it’s a good idea. Who wouldn’t want a bunch of followers?

But, let’s look at it closely. When you sign up, you’ll automatically follow the six people ahead of you in line. Then, you’ll tweet a message encouraging people to sign up under you. If, for example, you get 5 people to sign up under you, you’ll get 5 new followers. If each of those people signs up 5 people, you’ll get 25 more followers. And, if each of those people signs up 5 people under them, you’ll get 125 new followers. And so on down the line until you reach 19,530 new followers. Or even more!

Some are calling this a new and innovative idea.

But, let’s call it what it really is: a pyramid scheme. Even though no money is involved, it’s still the basic thing. Instead of luring people with the promise of money, they are luring people with the promise of more followers.

Remember, years ago (and maybe even sometimes still, even though it’s illegal), there were chain letters promising you thousands of dollars in a matter a weeks, just by sending out a few dollars? There was a list of names. You were to send each person on the list $1. Then, you were to type up a new letter, removing the top name from the list, moving everyone else up on slot, and adding yourself at the bottom. Then, you were to send out a bunch of those letters. If just five of those people participated, and each of them were to get five, and so on, you’d be getting cash in the mail every day!

Do you know anyone that ever got tons of money that way? Probably not.

Mind you, some people would try to cheat by adding themselves to the top of the list, but even those that followed the rules didn’t end up getting money in their mailbox every day.

Pyramid schemes only really benefit the people at the top of the list. In many ways, it’s a lot like multi-level marketing; if you’re the one at the bottom, you’ll never reap the benefits as the people way ahead of you.

You might argue that, well, this is automated. People can’t cheat. But, as illustrated above, that doesn’t really matter. Even when people followed the rules, the people sending out letters at the bottom of the list were never the ones that gained massive amounts of money. It’s not about saturation, as some might argue; it’s about participation. And, the fewer letters you would have sent out, the lower your response would have been.

The same goes for you on Twitter. The fewer followers you have to begin with, the fewer that will signup under you. And, if you end up retweeting your signup link over and over again, and pushing it on your blog and other online accounts, the more you’re going to be looking like a spammer. Sure, it may not meet the technical definition of spam, but spam is defined more by the eyes of the beholder than it is by the dictionary! And, who wants to follow a spammer?

On top of that, how targeted are these followers? Are they really interested in what you have to say, or are they largely interested in building up their following numbers? Some argue that it’s very targeted. I’ve seen several people saying that Internet marketers are the only ones that would be interested in such a scheme. So, they argue, if your targeted audience is Internet marketers, then this will be great for you.

However, that is verifiably false. Just do a search on search.twitter.com, and search for “tweetergetter.com” to find people that are tweeting their signup pages. Check out their Twitter profiles. While it is true there is a large percentage of Internet marketers on there, you’ll see that many people are participating who are not Internet marketers.

So, if you do have a target audience of Internet marketers, there is a potential to reach a number of them. But, it is not as targeted as you might think. And, if your target audience is not Internet marketers, this scheme will be even less valuable for you, as most of the new followers you’ll be gaining are not people interested in your product or service at all.

The only real target audience here is people looking to increase the number of people following them, and that’s not really much of a “target” audience at all.

If you participate in such a scheme, you risk annoying your current followers (who are probably a much more valuable and targeted audience than what you are likely to receive from this scheme, especially if you are not into Internet marketing). You risk your credibility too, as people will wonder if you’re more interested in quantity of followers rather than quality.

On top of that, anytime you give your Twitter password to a third-party, you risk the security of your account. I am NOT saying that this service will do anything bad with your password; I just say this as a general statement.

What happens if a third-party site that has your password is hacked? Imagine the damage that could be done! And, if you’re one of those people that uses the same password for everything, hackers could get into more than just your Twitter account.

These are important considerations to bear in mind when using any third-party Twitter tool. This is general advice, and not directed at any particular Twitter site or service. But, guard your password carefully! And, please, use a different password for every online service you use.

Services like TweeterGetter may be attractive, because they’re free and easy to do, but sometimes free services carry too high a price!

Fortunately, you don’t have to use a service like TweeterGetter to amass a huge following. It may take a little more work and time, but you’ll probably be better served with a following you’ve amassed naturally than by one gained through a questionable scheme.

On Twitter, as well as other sites, you can use not only regular letters, but special characters as well. Sites, such as Twitter, that support Unicode characters, are capable of displaying a wide range of characters beyond the standard characters you see on your keyboard.

Here is a selection of the available characters. To use a specific character in a tweet, simply highlight the character, copy it and paste it into your tweet!

ASTROLOGY
Aries: ♈
Taurus: ♉
Gemini: ♊
Cancer: ♋
Leo: ♌
Virgo: ♍
Libra: ♎
Scorpius: ♏
Sagittarius: ♐
Capricorn: ♑
Aquarius: ♒
Pisces: ♓

ASTRONOMY
Sun: ☉
Mercury: ☿
Venus: ♀
Earth: ♁
Mars: ♂
Jupiter: ♃
Saturn: ♄
Uranus: ♅
Neptune: ♆
Pluto: ♇

COMPUTER
Command Key on a Mac: ⌘
Erase: ⌦
Eject: ⏏
Option Key: ⌥
Return: ⏎

FACES
Frown: ☹
Smile: ☺ ☻

LETTERS
Black Letters: ℭ ℌ ℑ ℜ ℨ
Double Struck Letters: ℂ ⅅ ⅆ ⅇ ℍ ⅈ ⅉ ℕ ℙ ℚ ℝ ℤ
Flipped Ampersand: ⅋
Script Letters: ℬ ℰ ℯ ℱ ℊ ℋ ℐ ℒ ℓ ℳ ℘ ℛ
Sideways Q: ℺

MISCELLANEOUS SYMBOLS
Fax: ℻
Information: ℹ
Number Sign: №
Prescription: ℞
Telephone: ℡

MORE MISCELLANEOUS SYMBOLS
Ankh: ☥
Bullseye: ◎
Caduceus: ☤
Comet: ☄
Dice: ⚀ ⚁ ⚂ ⚃ ⚄ ⚅
Electric Arrow: ⌁
Female: ♀
Helm: ⎈
Hot Spring: ♨
House: ⌂
Male: ♂
NW Arrow: ⎋
Peace: ☮
Place of Interest: ⌘
Playing Cards: ♠ ♣ ♥ ♦ ♤ ♧ ♡ ♢
Snowman: ☃
Stars: ★ ☆
Telephones: ☎ ☏
Telephone Recorder: ⌕
Ying Yang: ☯

POLITICAL
Hammer and Sickle: ☭
Iran Coat of Arms: ☫

RECYCLE
Generic Materials: ♺
Plastics: ♳ ♴ ♵ ♶ ♷ ♸ ♹
Recycled Paper: ♼
Recycled (Partially) Paper: ♽
Standard: ♲ ♻

RELIGIOUS
Chi Rho: ☧
Cross of Lorraine: ☨
Cross of Jerusalem: ☩
East Syriac Cross: ♱
Khanda: ☬
Orthodox Cross: ☦
Star and Crescent: ☪
West Syriac Cross: ♰
Wheel of Dharma: ☸

VOTING
Ballot Box: ☐
Ballot Box with Check: ☑
Ballot Box with X: ☒

WARNINGS
Biohazard: ☣
Caution: ☡
Poison: ☠
Radioactive: ☢
Warning: ⚠

WEATHER
Cloud: ☁
Comet: ☄
Lightning: ☇
Moon: ☽ ☾
Sun: ☀ ☼
Thunderstorm: ☈
Umbrella: ☂
Degrees Celsius: ℃
Degrees Fahrenheit: ℉

Happy Tweeting!

There has been a phishing scheme running around on Twitter this weekend. But, so far, it’s a relatively easy one to avoid becoming a victim of. Here are some tips on the phishing mess.

(For more details, you can check @CXI’s blog. He even set up a test account on Twitter to see what the phishers were up to.)

First, it is okay to check your DMs on Twitter. You don’t need to be afraid to check them. But, be careful about any links in messages from others, even if you know them. You won’t be affected by the scam just by reading your DMs.

If you click a link, DON’T PANIC! So far, there have been no reports of spyware, malware or viruses getting installed as a result of visiting the phishing site. If you’re concerned, you can run your anti-virus or anti-spyware/malware software to check your system out.

But, after clicking the link, it may appear as though you’ve been booted off Twitter and are being asked to login. DO NOT LOGIN! Look at the URL in the URL bar at the top of your browser. If it is not “http://www.twitter.com” or “http://twitter.com”, it is likely a phishing site. (See UPDATE VI below.) You do not want to give them your password. Just manually type in Twitter’s URL in your URL bar to return to Twitter.

As a precaution, you may also want to go into your browser and delete any cookies the phishing site may have sent.

If you’re not sure if you’ve logged into a phishing site (perhaps earlier, before you had heard about it), you might want to take the extra precaution of changing your Twitter password.

If you’re still really feeling uneasy, you can also run your anti-viral or anti-spyware software just to confirm you didn’t get hit with anything.

Please also be aware that the person (or persons) that sent you the phishing URLs may not be the actual scammer. Most likely, they were a victim and the phisher got their password and is now using their account to send more of the phishing DMs.

If you receive a phishing DM from someone, it’s probably a good idea to DM them back (or send an @reply if you can’t send them a DM) to let them know their account has been compromised and that they should change their password. This is the DM I send people:

Were you a phishing scam victim? http://bit.ly/HREm Might be a good idea to change your Twitter password!

The URL takes them to a site that tells them about the phishing scheme.

The URLs that have been used for the phishing sites have been blogspot.com URLs. They were set up to redirect to another site, which puts up a screen that looks like Twitter’s login page. The plan is that people will think they were knocked out of Twitter and log back in. When they do, they are taken back to the real Twitter site, so the victim may be totally unaware that they just gave their password to the phisher.

It’s important to note that not all blogspot.com URLs are phishing sites. I’ve seen people warning others not to open any blogspot.com URLs. But, there are plenty of legitimate blogs that have blogspot.com URLs. So, you don’t need to be concerned about blogspot.com URLs in general, just specific ones. And, even if you end up at the phishing site, as mentioned above, you should be okay so long as you don’t login on the fake Twitter site.

For people using OpenDNS or Firefox 3, it appears that both of those are now blocking the phishing site. But, still be careful out there.

The short of it is that you should be careful, but don’t become irrational over the phishing attack.

UPDATE:
Here are the known URLs of the phishing attack:
http://jannawalitax.blogspot.com/
http://twitterblog.access-logins.com/login
http://rosalierebyb.blogspot.com/

If a tweet or DM asks you to visit one of those sites, don’t.

Also, here are the known text of the phishing messages:

“hey! check out this funny blog about you…
http://jannawalitax.blogspot.com/”

“Hey, i found a website with your pic on it… LOL check it out here http://twitterblog.access-logins.com/login”

“hey look at this funny blog http://rosalierebyb.blogspot.com/”

I have not made the URLs clickable, but I am showing the messages and URLs in their entirety so you know what to look out for. Also, I am not identifying the senders, as the senders are likely victims and not the actual scammers.

UPDATE II: How to Report Phishing Sites

PhishTank

For Windows Internet Explorer 7 users

How to Report a Phishing Site to Google

How to Report a Phishing Site to Yahoo

UPDATE III: Info from Twitter

Here is Twitter’s blog post about the phishing scheme. Here is the link to the Twitter blog itself.

UPDATE IV:

Found this post (by way of multiple people tweeting it) on How to Protect Your Twitter Account from Scammers. Good info with pictures.

UPDATE V: New DM Text

A new phishing DM is going out. This is how it reads:

“fixed it.. hehe here is that blog i wanted to show you http://twitterblogs.access-logins.com/login”

UPDATE VI: URL Masking
As Robin indicated in the comments, it is possible for a site to mask the URL so that the URL in your URL bar will appear to be the correct URL. Fortunately, that has not happened in this current phishing attack, but it is something to be aware of, especially seeing how the phishers have been continuing to morph their scheme. The best defense is to manually enter the URL of the site you want to visit.

UPDATE VII: New DM Text

Another new phishing DM is going out. This is how it reads:

“heyy!!! i want u to see my blog!! http://blogtwitter.access-logins/login”

UPDATE VIII: Twitter Phishing Scheme is Not a Virus

Judging by a lot of the tweets out there, some people are confusing the Twitter phishing scheme with a virus. As of this writing, I have not heard of anyone getting a computer virus from the phishing site. Just because people you know might be sending you DMs with the phishing site URLs does not mean that they have been infected by a virus. Let me explain how this appears to work.

Yesterday, some phishing messages went out. I don’t know who the originator was. Anyway, these phishing messages directed people to another site. As far as I know, the first site was the jannawalitax.blogspot.com URL. If you went to that site, it redirected you to a page that looked like the Twitter login page. This tricked some people into thinking that they had been booted out of Twitter, so they logged back in.

When they did that, the phisher had their user ID and password, so they could access the user’s account.

Apparently, they turned around and used those accounts to send more DMs directing more people to fake Twitter login pages, from which they no doubt collected more user IDs and passwords.

They may not have even used all the user IDs and passwords they’ve collected yet, so this has the potential to continue for days.

That’s why it’s a good idea to change your Twitter password if you logged into a fake Twitter page. If you’re not sure, you might also want to change your Twitter password. Just because none of your followers haven’t received phishing DMs from you doesn’t mean that the phishers aren’t waiting until some future time to use your account to send them.

Of course, if you didn’t log into the fake Twitter page, at this point there is no reason for you to be alarmed.

Because the phishers are using the victim’s account details (user ID and password) to send these DMs doesn’t make this a virus. There is no evidence thus far of any virus being spread as a result. This is nothing more than the phishers using people’s passwords to gain access to their accounts and send DMs from them. Ergo, not a virus!

UPDATE IX: New DM Text

Yet another new phishing DM is going out. This is how it reads:

“Check out this blog type website. you need to see it.. http://bloggertwit.access-logins.com/login”

UPDATE X: Receiving Phishing DMs Not a Problem on Your End

If you receive a phishing DM, that does not mean that your account has been compromised. It means that the phisher got the password of the person sending it. Changing your password isn’t going to stop the DMs coming to you. Just delete the DM and move on. As suggested above, you might want to send a message to the person whose account sent the DM to let them know they’ve been affected and should change their password.

UPDATE XI: If Affected, Change Passwords on Accounts Using the Same Password

A good point from @CXI. If you were a victim of the phishing scam and have other accounts which use the same password, especially if they have the same user ID or a publicly known user ID, it’s a good idea to change that password on those other accounts as well so that the phishers can’t access them too.

UPDATE XII: This May Be What It was All About!

I’m seeing these new variants coming from affected accounts. Some I know to be affected because previous DMs sent the phishing messages. Others I am assumed to be affected.

“Wanna win the new iPhone? It’s so easy and cool, I love this thing! Visit: http://iphonewinner.info”

“Hey! I just got a FREE iphone from this website.. here http://helloiphones.com”

If you go to the site, you will be presented with a seemingly harmless series of questions. First, it asks for your gender. Next, it asks for your cell phone carrier to see if you are “eligible.” After that, it asks for your phone number.

In fine print, there is mention of a $9.99/mo. service. I am guessing that, by entering your phone number, you will be signing up for that service.

My guess is that’s what this whole thing may have been about. Twitter is heavily used by mobile users, so what better way than to try to trick them into signing up for a service than by luring them in with a “free” iPhone?

I would not enter your phone number into that site. I wouldn’t bother with it at all! Just delete the DMs and stay away!

UPDATE XIII: Free iPhone Offer Site May Not Be the Phisher

As mentioned in the previous update, the last known round of the phishing URLs were links to sites like iphonewinner.info and helloiphones.com. If you visit those sites, you get redirected to a site with the iPhone offer.

Something I didn’t notice until later is that, somewhere along the line, cookies are set in your browser. These appear to be affiliate cookies of some sort.

So, it’s possible that the phisher is an affiliate of the iPhone offer site, and that the site itself is not to blame. It may be a legitimate site.

If that’s the case, it should be relatively easy for the iPhone offer site to track down which affiliate of theirs is the phisher and (hopefully!) cancel their account and make sure the phishers don’t get any financial benefit from the scheme.

It appears as though the phisher’s plan may have been to collect user IDs and passwords so that, in the final round of DMs, the DMs would appear as though they were coming from one of your friends telling you they got a free iPhone. That could increase the likelihood of you signing up with the site, since a friend getting a free iPhone kind of mitigates the notion that the offer was “too good to be true.” Thus, that would increase the conversion rate, potentially putting more money into the pockets of the phishers.

Of course, it is also possible that the iPhone offer site is run by the phishers. I don’t know for certain, but we shouldn’t jump to that conclusion just because the phishers forwarded to that site. As I mentioned, the phishers could have been affiliates and were using the whole scheme to try to earn money through an affiliate program. We just don’t know for sure.

The bad thing, of course, is that if this iPhone offer site is a legitimate site, they could be suffering as a result now, because people will avoid them, thinking they are phishers.

UPDATE XIV: Was It a Success?

If the iPhone offer site is not run by the phishers, and they were setup as affiliates, there’s the possibility that the phishers may not benefit at all, if the iPhone offer site cuts them off. (Assuming, of course, that the affiliate program doesn’t offer an instant affiliate payment of some kind.)

If the iPhone offer site is run by the phishers, there is a good chance that they made some money off the deal. While it is likely that many people will notice the fee being charged to their phone bill, and either cancel or dispute it, it remains likely that some people wouldn’t notice for quite a while.

Some people were of the opinion that trying something like this on a social networking site wasn’t a good idea, because of how quickly the warnings could be sent to people. But, even this morning, there are people seemingly unaware of the phishing scheme. Even yesterday, in the midst of all the heavy tweeting and retweeting of warnings, there were still people tweeting their friends asking why they sent them a bad link.

So, it is possible for a scheme like this to achieve some success on a social network. Let’s say that out of the thousands and thousands of people on Twitter, only 500 people ended up getting signed up for that $9.99/mo. service. (I’m just using the $9.99/mo. as the example; there were varying rates for various carriers.) That’s $4,995. Or, if it was an affiliate program (and the phishers didn’t get caught) with, for example, a 10% referral fee, that’s still $499. That’s not bad for two days work, especially in parts of the world where a dollar may go farther.

This illustrates several things about Twitter:

1) Not everyone is on 24/7. So, just because one round of warnings get sent out doesn’t mean that everyone will see them. Some people got annoyed with all the warnings, but, if only one warning is sent out, that can be quickly lost in the Twitter stream.

2) All your followers don’t read all your tweets. You’d tweet a warning, even see it get retweeted, and still there would be people tweeting, asking about what’s going on.

3) Some people stay on their Replies page, so they won’t see general tweets.

That’s all common sense stuff, but also the reason why, in such a situation, multiple warnings may need to be sent out. Otherwise, and even still, people are apt to miss them.

Better yet is if people are educated about these things. Some people put up blog pages listing all the people they received DMs from. I don’t think that such a “Wall of Shame” is really necessary. Most, if not all, of those people will have been victims of the phishing attack. Why make matters worse for them by publicly identifying them? Send them a DM or an eMail. If you can’t do either of those, then, as a last resort, use an @reply to try to let them know.

Rather than call out the senders, it is better to let people know what to watch out for, by identifying the type of message being sent as well as the URLs those messages will direct them too.

Since the senders, the messages and the URLs are all subject to change, the best bet is to simply inform people of what to be on the lookout for in general. Phishing is here to stay, and simply waiting a few days for things to “settle down” isn’t going to change that. You will continue to get phishing messages in your eMail and, now, in your Twitter stream or DMs too.

Don’t rely on other people to warn you about a phishing scam! Learn what to watch out for!

UPDATE XV: Twitter Hacked Too

Twitter was apparently hacked into as well. Some high profile accounts were compromised. The problem has apparently been remedied, but no further details have yet been posted. Here is Twitter’s blog entry on the hacking. (Thanks to @KrisColvin for the tip!)

They recommend changing your password as a precaution. Even if you didn’t fall victim to the phishing scam, if Twitter itself was hacked, your account could be at risk too. So, do change your password as a precaution. This, unlike some of the mass hysteria yesterday regarding changing your password, is good advice. I am changing mine.

UPDATE XVI: Details from Twitter

Twitter has posted details on the hacking incident, which was unrelated to the phishing.

Monday Morning Madness

UPDATE XVII: New Phishing DM

This appears to be a new phishing DM. The site kind of looks legitimate, but the URL is being sent out by different accounts. So, it’s looking like those accounts may have been compromised by phishing, so I wouldn’t provide any personal data to the listed website.

Here is the text and URL:

“Heyy!! this website got me completely out of debt!! http://freedebt4u.com”

If you get that in a DM, I’d just delete it.

I do this on Twitter, so I figured why not do it on my blog too? Maybe it’ll give you non-Twitter people a reason to sign up.

• Have you met husband, father, wanna-be entrepreneur and my 8000th follower @scott_mitchell?
• Have you met @houstonmacbro — a “geek guy” with a heart and a sense of humor?
• Have you met author, attorney, artist and marketer @kevinhouchin?
• Have you met poker player and web content developer @dcgoodson?
• Have you met online marketer extraordinaire and totally determined dude @jankoonline?
• Have you met social media addict @JennFowler?
• Have you met Web 2.0 golden child, accounting enthusiast, and ironic hipster artist @Adrigonzo?
• Have you met amateur chef, jet skier, animal lover and gadget geek @runnergirllkn?
• Have you met my 2nd 8000th follower, mental health counselor @DrErica?
• Have you met realtor and dance teacher @LesleyLambert?
• Have you met undercover internet entrepreneur @johnyeng?
• Who is THE realtor to know in Joplin, MO? Who could it be? Who could it be now? Could it be @CindyMoore? Do you agree?
• Historian, technologist and learner, don’t put following @moehlert on your backburner!
• Have you met @ndwells05? She runs a website to help support families of children with Asperger Syndrome.
• Can anyone offer @erku some feedback on his site Reizit? It’s like digg for shopping.
• Have you met animal lover, wine afficionado and photographer @harmonymatters?
• Have you met motorcycle rider and soap maker @KyleSC?
• Have you met @sbradley3 who studies human cognition and teaches advertising?
• Have you met optimist and sports lover @kevintouhey?
• Have you met @mihla, a groovy granny living it large in Minnesota!

I pick people to shoutout more or less at random. I’ll just keep it a bit of a secret as to how I choose, so that no one tries “gaming the system.” But, I will tell you that it does help if you have a Twitter bio filled out, preferably with more than one or two words. Also, a link to your blog or website would be appreciated sometimes too, especially if your bio isn’t very thorough.