If you've recently received a direct message on Twitter with a strange-looking link embedded in it, you're not alone. After I received two such messages within a few days apparently from people I knew, and two other friends reported they had received messages of this type, too, we decided to investigate. On a protected machine in our lab, we clicked on the dubious links and found that both led to the same "work at home" website (see the screen grab below).
We're not yet sure how the senders' accounts were compromised, but their owners told us that they definitely hadn't sent those DMs themselves.
Just as with questionable e-mails, IMs, or texts, think twice before you click on embedded links in a Twitter Direct Message. Look for telltale signs such as messages that contain nothing more than a link, contain just a short phrase such as "check this out," or are written in a style that doesn't sound like the sender's style. Also look for grammar and spelling oddities and errors. You may also be able to spot a questionable link by hovering your cursor over the URL in the Direct Message to display the full URL and visually inspecting it for a top-level-domain outside the US, such as ".cn" (China) or ".be" (Belgium).
To play it even safer, don't click on any embedded links without checking with the sender first. And for a huge amount of free advice on how to stay safe online, visit our free guide to Internet security.
—Carol Mangis
Consumer Reports has no relationship with any advertisers or sponsors on this website. Copyright © 2007-2013 Consumers Union of U.S.
