A common technique used by scammers and identity thieves is to send you an email or text message purporting to be from companies with which many people do business, such as large national banks, Facebook, Twitter or Ebay telling you that there has been a security breach of your account and that it is necessary for you to take particular steps to protect your data and your account. The email or text then requires you to provide confirming personal information, which then is used by the identity thief to make you a victim of identity theft or requires you to click on a link to take you to a page where you will be assisted in protecting your account when in actuality what you do by clicking on the link is download keystroke logging malware that will steal all of the information on your computer and make you a victim of identity theft. However, a similar email that many Twitter users are receiving is actually legitimate, however, there is more to the story. The legitimate email from Twitter reads “Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.” The email then instructs people as to how they can change their passwords to the password they now wish to use. The number of Twitter users receiving the email actually is more than the number of Twitter users that were actually in danger of having their accounts hijacked, but Twitter affirmatively decided to err on the side of caution and change more account passwords than might have been necessary and it is hard to criticize that decision although it is possible that the broad resetting of passwords may also have represented a mere mistake by Twitter in determining what accounts were in jeopardy. But there is another scam of which you should be aware. Knowing that the word is getting out that the email from Twitter is legitimate, scammers will be emailing and texting their phony versions of this email representing themselves as Twitter. In the scammers emails they will be either asking for personal information or directing you to link to a page to reset your password that will download that keystroke logging malware program I warned you about. Don’t provide such information and don’t click on any links unless you are sure they are legitimate.
The real email from Twitter does contain a link to go to change your password, namely https://twitter.com. However, you are better protected by not clicking on the link, but typing the real address directly into your address line. The real email from Twitter does not ask for personal information. If you are asked for personal information, the email you got is from a scammer. Also check out the address from which you your email is coming and if it isn’t the real email address of twitter as indicated above, don’t trust it. Don’t even trust an email from an address that contains the word “twitter” in it because that may be from a scammer who just used the name in the phony address.