7 Tips for Staying Safe on Twitter — Guest: Marcy Kennedy

If you’ve known me for a while, you probably already know that I love Twitter. If I’m online, I’m on Twitter because I live on Twitter. Twitter is my happy place. *smile*

So when my friend Marcy Kennedy offered to guest post about staying safe on Twitter, you better believe I jumped at the chance. I want Twitter to stay a happy place. I don’t want to deal with the hassle of hackers or other bad guys messing with my happiness.

Marcy’s here today to share seven tips for Twitter, but many of these tips apply to staying safe online—period. Not just for Twitter. And at the bottom of the post, I’ll share bonus tips for how we can implement some of her ideas throughout our online life.

Please welcome Marcy Kennedy!

*****

7 Essential Things to Know About
Staying Safe on Twitter

For all the wonderful things that technology provides us, it also comes with new risks. We need to be smart about our social media use because Twitter won’t be fun and our platform building won’t be sustainable if we don’t know how to stay safe.

So today I wanted to share seven tips for how to protect yourself and your information on Twitter so that you can make new friends, reach new readers, and grow as a writer.

Tip #1 – Change Your Passwords Regularly and Protect Them from Scam Artists

If you use a weak or easily guessable password, you make yourself an easy target for hackers.

• Create a password that’s at least 10 characters long and includes a number.

Not all sites are case-sensitive, but for those that are, you’ll also want to include at least one uppercase letter. The strongest passwords will also include special characters, such as ! or @.

• Change your password frequently.

You might not know if your account has been hacked, so by changing your password frequently, you basically wipe the slate clean.

• Don’t use a password that you’re using anywhere else.

If your Twitter account or your email gets hacked, you don’t want a hacker going over to your website to try the same password and finding out it works, or vice-versa.

Tip #2 – When You Log In, Pay Attention

Most of us are super busy and log into accounts on autopilot, but this actually puts us at risk.

If you’re trying to log in to Twitter.com directly, check that you’re on their page. The simplest way to do this is to type www.twitter.com into your browser rather than allowing some secondary service to supposedly take you there.

For TweetDeck and Hootsuite users, if you ever receive a pop-up message or any other communication claiming to be from TweetDeck or Hootsuite and saying your account will be suspended unless you verify your password, this is a scam. Close the program and open it again to see what happens. Usually the message will be gone.

Tip #3 – Don’t Click Links in Direct Messages

One of the most common ways hackers get access to your Twitter account is through links in a direct message. You receive a message that says something like “Look at these funny pictures of you” or “Someone is saying really bad things about you” and they include a link. Your natural inclination is to click that link, but don’t. Once you click, you give them access to your account, and they’ll be using your account to send out these messages to other people.

(Note from Jami: This issue became so widespread that TweetDeck (and maybe Twitter itself) no longer allows users to send links in DMs, but corporate policies change, so it’s always good to be aware.)

Tip #4 – Contact Anyone Who May Have Been Hacked

If you get a direct message from someone and you suspect they didn’t send it, contact them to tell them their Twitter account might have been hacked, and suggest that they change their password. Unless you let the person who’s been hacked know, they’ll have no idea that someone has taken over their account and is using it to send out DMs with sketchy links in them.

Tip #5 – Report and Block Bad Accounts

I’m giving you this instruction with caution because not everyone understands what they should be reporting and what they shouldn’t.

Reporting is serious business and can get someone’s account suspended or deleted. Don’t report someone if you suspect their account has been hacked. Instead, let them know so they can change their password and free their account from the hacker. You also shouldn’t report someone just because you don’t like their tweets.

Here is how Twitter defines spam:

Here are some common tactics that spam accounts often use:

• Posting harmful links (including links to phishing or malware sites)
• Aggressive following behavior (mass following and mass un-following for attention)
• Abusing the @reply or @mention function to post unwanted messages to users
• Creating multiple accounts (either manually or using automated tools)
• Posting repeatedly to trending topics to try to grab attention
• Repeatedly posting duplicate updates
• Posting links with unrelated tweets

Some of these are self-explanatory, but some of them need to be elaborated on.

Repeatedly posting duplicate updates.

This doesn’t mean that someone posted a link to their blog two, three, or even five times. This is talking about someone who posts the same handful of tweets over and over again without any variety.

Posting links with unrelated tweets.

This is when someone writes an innocent-looking tweet and then links to a harmful site. It can also be when someone writes something unrelated to get people’s interest and then links to their sales page. (It’s like false advertising of a product.)

When it comes to reporting people, first ask whether there could be an innocent explanation for their behavior. Only report people who are willfully spamming or engaging in other harmful behaviors.

Tip #6 – Check Your Twitter Apps Page Regularly

This is a housecleaning measure. About once a month or so, go to the part of your profile that lists all the apps you’ve given access to your account. Delete any you don’t recognize or aren’t using anymore.

Tip #7 – Don’t Tweet About Where You’re Going or When You’ll Be Away From Home

All your tweets are public. People don’t even have to be following you to see what you’re tweeting.

Tweeting that you’re away from home is a great way to advertise that your home is empty (and easy pickings for a break-in), but it’s also dangerous to let people know if you’re out alone (or if you might be imbibing alcohol).

I’m a big advocate of tweeting images, but some camera phones embed location information into the metadata of your pictures. It’s called geotagging, and anyone who wants to can easily figure out where you live or where you are at that moment. To be safe you should turn off the Geotagging feature on your phone or strip the information out. Both Facebook and Twitter say they will now be removing location information from photos, but you shouldn’t trust a social media site to do it for you because their policies are constantly changing. Be safe and do it yourself.

*****

Marcy Kennedy is a suspense and speculative fiction writer who believes fantasy is more real than you think. Alongside her own writing, Marcy works as a freelance fiction editor and teaches classes on craft and social media.

She’s also the author of the Busy Writer’s Guides series of books. You can find her blogging about writing and about the place where real life meets science fiction, fantasy, and myth at www.marcykennedy.com.

*****

Marcy’s latest entry in her Busy Writer’s Guide series is Twitter for Authors:

Building a thriving social media platform doesn’t have to steal all your precious writing time or cut into your time with your family. Twitter for Authors is about building a successful Twitter platform that’s sustainable for busy people.

Twitter often gets a bad reputation from people who don’t understand it or don’t know how to use it to its full potential to build an author platform. When used correctly, Twitter can be one of the best tools for increasing traffic to your blog and gaining new readers for your books. And it’s fun!

Twitter for Authors contains helpful advice for both Twitter newbies and long-time Twitter users who want to take their platform to the next level.

*****

Thank you, Marcy! As I mentioned above, many of these tips apply to all of our online life:

• We should always be smart with passwords and logging in to sites.
• We should check for old or irrelevant apps on Facebook, Google, LinkedIn or other sites, just as we do for Twitter apps.
• Most social media sites provide a method to block users and/or report spam.
• We shouldn’t announce our location unless we’re trying to draw a crowd, like for a book signing.

Bonus Tip for Passwords: A Password Manager

One thing Marcy mentioned was using unique passwords for each site. I don’t know about you, but I don’t want to dedicate the brainpower for remembering all those passwords. *smile*

Enter a password manager program, like KeePass or LastPass. These programs remember your passwords for you in encrypted form (unlike when we have our browser remember them). KeePass is more flexible for odd log-in requirements while LastPass is probably easier to use for non-techies.

Bonus Tip for Logging In: Two-Factor Authorization

LastPass, KeePass, Twitter, Facebook, Google+, Hootsuite, LinkedIn, Tumblr, Gmail, Yahoo Mail, Dropbox, Evernote, Google Drive, OneDrive, PayPal, and WordPress.com (in other words, virtually all of our online life) all can be set up with Two-Factor Authorization (sometimes abbreviated 2FA). 2FA or two-step verification is a log-in process that requires us to verify our identity in two ways.

For example, the first time we log in from a new laptop, the service would send a code to our cell phone. If this new laptop is indeed ours—and not just the computer of someone who hacked our password—we would see the code on our phone and be able to copy it to our laptop to verify, “Yes, this is really me.”

No doubt there’s a pain-in-the-butt factor with 2FA, but many security experts say it’s the smartest thing we can do to prevent usage of any stolen passwords, because the password itself would not be enough. Here’s a list of the websites that support 2FA.

I don’t know about you, but I have a few more things on my list of stuff to do now. *sigh* Thanks again to Marcy for the reminders and information, and hopefully these tips will help us all. *smile*

How much do you worry about your online safety or security? Have you already implemented any of these tips? Do you have any other tips for online safety? Or do you have a warning story to share?