How my @Twitter account almost got hacked.

Thread.

So I woke up to this email from “twitter” this morning stating I was suspended. Firstly I was shocked as I don’t remember doing anything last night could go against the twitter rules.

I was surprised and shocked, so I immediately clicked on the “unlock my account” button. It takes me to this landing page, where my account information is required, and this is where things get a bit interesting... Being a designer and an overly observant person saved me here:

1. So firstly I noticed that the site url is says “twIttr” and if you’ve ever used twitter on your mobile, the correct url says “ https://mobile.twitter.com ”

2. The Twitter logo on this landing wasn’t in high res it was pixelating .. a brand like Twitter??? I was really touched.

3. Apart from the url and logo, when I initially got onto this “twitter” landing page, I felt really weird, at first I didn’t understand why but initially figured out the UI (user interface) was badly designed. ... okay let me show you guys what I mean

The fake twitter sites “log in” button was already highlighted and it had a drop shadow underneath it. Usually it only becomes highlighted after your login details & it never ever has a drop shadow... also “log in” is capitalised.

4. On the fake site, the “Forgot password? . Sign up for Twitter” hyperlink is EXTREMELY close to the button. This made the UI design feel even more uncomfortable and painful to look at.

5. After noticing all these weird things, I decided to go and have a look at the email that sent me the mail and it didn’t have a “ https://twitter.com ” extension. (Side note, this is why domains are so important for brands) verify@tweetsmasterclass???

6. After all of those checks, I finally came onto my Twitter app and my account was still logged in, I had not gotten any notification for a suspension and none of my tweets were removed. Please be vigilant with emails and or apps that get access to your accounts.

Through all of this, I wasn’t even sure if I was mad at the fact that they tried to hack my account or tried to trick me with a terribly designed user interface....

Nonetheless here’s how to better protect your account:

• Have a really strong password for your account, a twitter generated one is always better, just write it down or save it somewhere safe.

• Whether you’re a verified account or not, activate two factor authentication for your account. You need all the security you can get.

• lastly make sure the email acc linked to yours twitter acc also has a strong password and you’re the only one who has access to it.

Hope this helps someone out there to be more observant and secure their data.

End.