Most people in publishing can spot a malevolent spammer a mile off. The real danger comes, writes James Evelegh, when the message is from a friend.
I am immune to all the usual spamming suspects; Max Gentleman with his helpful stamina advice, those kind hearted girls from Eastern Europe wanting to be my pen pals, those deathbed attempts to bequeath me millions of dollars.
I see them coming and ignore them all.
The one I didn’t ignore, but wish I had, came from Tom at 11.30 last Saturday night. I know Tom. We’re not close friends, but we had done some work together a few years ago. He has since gone on to scale some impressive digital heights. He knows his online stuff. A message from Tom is not to be ignored.
The Twitter direct message I received from Tom said: Hi someone is posting terrible rumors about you.
OK, thanks Tom. That doesn’t sound very nice, better check it out. So I clicked the bit.ly link. It took me to what, at a casual glance, looked like a Twitter login page. Odd. I typed in my Twitter name and password. It came up with some incomprehensible error message. I closed the page down and thought nothing further of it … until I woke up the next morning.
The millisecond my eyes opened, I realised, with blinding clarity, precisely what I had done.
DAMN, DAMN, DAMN, DAMN.
I had done the one thing we are all told NEVER ever to do; input your password / PIN number into a site unless you are 100% sure it is bona fide.
I turned on my computer and my first email (thank you John) confirmed the worst.
Did I know that my Twitter account had been hacked and that it was sending out lots of direct messages?
How could I have been so thick? Tom hadn’t even used my name. Surely he would have done if it had been genuine. He had misspelt ‘rumours’ (sorry American cousins). The link had taken me to a login page; that at least should have set the alarm bells ringing.
Why, why, why?
The reason is obvious. My guard was down. I’d had a drink. And, crucially, I knew Tom!
Putting aside the glass of wine (there’s probably a lesson there too), you are most at risk of being duped when the message comes from someone you know and trust. So, my advice is this, next time you get a slightly-out-of-the-ordinary message from a friend, put your antennae up and proceed with extreme caution.
If you are ever hacked, then try to remain calm. It’s not easy.
What I did was this; I googled ‘twitter account hacked’, and found this useful page - http://support.twitter.com/articles/31796# - and followed their advice, starting with the password change. I then put out a general tweet telling followers I had been hacked and to ignore me! I looked through the list of people my low-life hacker had direct messaged on my behalf. Because Twitter limits the number of direct messages to 250 per 24 hours, and my hacker had maxed out, I couldn’t direct message them until later that night. Those I recognised and had an email address for, I emailed. The rest, I direct messaged at 11.30 on Sunday evening. What a great weekend.
There are a few small crumbs of comfort. Twitter’s 250 limit was a godsend. I strongly suspect, but can’t be sure, that my followers are more intelligent than me and didn’t fall for it. My bank account wasn’t cleaned out.
No doubt I will continue to beat myself up over it for a while, but I suppose, if Tom fell for it, then I’m in pretty good company.
InPublishing Tips is a new series of occasional articles in InPubWeekly. The tips can be about any area of publishing (newspapers, magazines, online), any platform (print, online, mobile), any discipline (editorial, advertising, circulation, personnel, finance, management); anything really, as long as it's of interest to senior publishing management. If you've got a tip you would like to share, then please do get in touch.