This weekend a Phishing scam erupted around Facebook and Twitter. For those fortunate enough not to have been introduced, Phishing is the act of acquiring someone’s information by misrepresentation as a trusted entity. In this case, people received email messages from the Twitter or Facebook accounts of friends who had been duped by the scam, clicked through to a site that looked like their Facebook or Twitter login page, and entered their names and passwords. Then all their friends got direct-messaged and solicited, and so on. If it got you, don’t feel too bad; even some of the most experienced get scammed sometimes.
Twitter engineers and operations teams responded quickly to defend their service integrity and community. They also alerted their friends at Facebook about the scam. And they whipped up a quick blog post for reference/search benefits. Then a new slug of text appeared between the Twitter entry form and a user’s Twitterstream: “HEY! If you get an email masquerading as a DM with a link, it could be Phishing.”
Did they have to go to these lengths for their community? These issues come and go so quickly most people wouldn’t notice. To this point, the message was gone a couple of hours later. And, think about what it takes to make a change on your corporate website. Now consider what it takes to change the User Interface of a webservices application. Nothing changes that doesn’t absolutely have to. So to answer the question above, Twitter clearly felt they needed to do something for their community and brand.
I thought it was interesting that the community was also helping out on Twitter–and therefore in Facebook for those that update their Facebook Status with Twitter–by warning others of the threat. In a way, Twitter can counter viral activity because its citizens wish to keep it pure. In a way, it’s the “diseconomy” or “deviralization” of a person or issue at work. There are those that believe Multi-Level Marketers can better exploit a platform like Twitter, but I disagree. The community will gang up against exploitive behavior faster than it can regenerate.
Protip: If you think something’s not right on Twitter you can also “Follow” @spam to direct-message them with suspicious activities or accounts. They’re great at removing the weeds and debris from their garden and rely on the crowd to help with vigilance.
Meanwhile, the silence at Facebook was telling. By my count, and without altering their current message carriers, Facebook could have warned its community in half a dozen intuitive ways. In its socialgraph, inbox, activity notification bar, status feeds, profile alerts and even in its ad space, it could have notified users of the emerging issue. Instead, it acted more like a large, traditional institution that either can’t marshal the resources and authorizations to react in real-time or won’t as a matter of policy.
I’d say for this round, Twitter acted more like the Real Brand and served a good lesson in brand-as-service for its larger SocialMedia brethren. Here’s a good link if you want to take your own precautions against Phish feeding, courtesy of Twitter.
Update: CNET’s Rafe Needleman reports that this Phish situation is ongoing. Seen many tweets requesting to be notified “if you get a DM from me.”
Update: Britney Spears gets hacked on Twitter by the Phishing scam.