It was Tuesday afternoon. Nine minutes after 3pm. I was standing on the corner waiting at a red light on Grand Avenue in Downtown L.A after just meeting a PR rep from New York. Head in a twirl over the mountain of work that awaited me at my office and thinking about the potential stories the pretty New Yorker pitched.
That’s when it happened.
My phone vibrated. I pulled it out and saw the message.
“Direct from @MaryKnabben: OMG they said he died…Did he? http://t.co?BQ7zvZ6″
(READER WARNING – DO NOT CLICK ON THIS LINK OR SUFFER THE SAME FATE AS ME!!)
Who died I wondered? I didn’t click the link then. I let it linger. I had a 5pm appointment, three traffic-filled blocks to traverse and emails to send.
Did I Miss Something?
But as I stood waiting for the light to change I wondered if I had missed a major passing. It wouldn’t be the first time. I often get alerted to news by direct messages and Twitter friends. Nothing new there. The language in the message was, though. OMG. Not very journalistic or the type of lingo you’d expect an adult to write when a luminary passes. Still, I figured it must have been the writing of someone who was stunned.
At first I figured this was the case, but in my gut, I knew something seemed weird about the tone of the note. As the light turned green I walked, slung my phone back in my pocket and kept moving.
When I got back to the office, overlooking some of the priciest data centers in Los Angeles if not the nation, I scanned the wires and social media, but I couldn’t find anything. Hmmm. My antennae were buzzing. Had I missed it? Did she have a scoop?
Before I could dive into my detective mode, 5pm came and I was thrust back into reality. By 6:30 it was over but then then I had to meet a friend at The Standard a few blocks away. By the time I got home I was exhausted and I showered and went to bed without checking further.
I Couldn’t Resist Clicking
The next morning I opened up my Hootsuite and looked at the link. There it was, just waiting to be clicked.
I checked out @MaryKnabben’s Twitter stream. A fellow journalist from Brazil, we had met at Social Media Week a few weeks earlier when I spoke on a panel on journalism and social media. I liked her. She seemed professional. Her tweets looked normal. Nothing seemed (ph)ishy. So despite a nagging feeling of doubt, I clicked on the link. It took me to a strange site. A pseudo-news site called News 3. But a few seconds of scanning the site, I realized it wasn’t news. It was a pay-per-click factory with an attractive young woman at the top of the page and promises of weight loss. What the hell?
I exited the window, thinking nothing of it. Must have been a wrong link. I should have known better. I should have known right away something was up. But I didn’t.
Uh, Oh. Trouble!
A few hours later, after a break for lunch, I reopened my Hootsuite account. And there it was. Staring at me. A new tweet on my timeline.
A tweet that I. Did. Not. Send.
“Losing weight is easy.” I’m 6 feet tall and 160 lbs. I don’t need to lose weight. And I didn’t send that tweet. There was a link at the end of it. I clicked on it. It was the same site.
“Please don’t let my Twitter account be hacked,” I pleaded to the powers that be. “Please, please, please. No, no, no.”
It was Halloween. And for the first time on this candy holiday I was scared.
I deleted the tweet in a heartbeat and immediately changed my password. To my surprise none of my followers replied to the strange tweet. Perhaps that’s because I deleted it so fast. Phew.
At that point I wasn’t sure what the hell happened, but I knew someone had caught me with my pants down. I racked my brain. What happened? I’ve always been so careful… hadn’t I? Could it be one of the hundreds of applications with read and write access to my Twitter account? I know I didn’t always read the fine print, but I knew right away that this was a long shoot. No, it couldn’t have been Goodreads or Digg. No way. No way…
Then I realized just how un-careful I had been. I realized what it was and who the culprit was, too.
Apparently Mary was hacked. She told me she didn’t see any changes in her account except for auto-DMing everyone who follows her that “shady link.”
I had heard the horror stories. Now I was in one. I got phished. I clicked a funny link.
Stupid. So, so stupid. I couldn’t believe it.
I knew what I had to. I deleted all of my cookies, went through the process of changing my main online passwords (email, banking, social media), ran a virus scan and restarted my computer. I have so many online passwords I knew I couldn’t change them all, but the important ones I changed immediately. If someone wants access to my Friendster account, go ahead. It was Halloween night and I had a party to go to.
After more than an hour of dreaming up new password combos, I waited for my virus status like a patient expecting a STD results phone call from the doctor. No trojan horses popped up. Thankfully. I breathed a sigh of relief.
But I knew I had dodged a bullet. Exhausted and mad at myself, I signed out of my browser still steaming, swearing I would never make this mistake again.