Some Notes After Wandering Down A Bad Alley On Twitter

I’ve been had!

I was catching up on the news and views yesterday morning, bouncing between my RSS feed reader and Twitter accounts like I always do, when I crossed the point of no return. I had wandered down a bad alley—I almost heard the “Gotcha!” from some anonymous evil-doer as a creaky door slammed behind me.

You on behalf of your firm or any individual seeking to understand the reach of its Twitter account could be vulnerable to what I fell for. The damage to my RockTheBoatMKTG Twitter account will be limited, thanks to my followers being a resilient group. And, I have only myself to kick but at least I’ll be doing the kicking.

For you, the asset management marketer, the fallout could be worse. Let’s retrace my steps to see where I went wrong.

A New App? Let’s Check It Out

I saw a tweet on my tweet stream from a follower I recognized about what seemed to be a new Twitter utility. I saw only a single tweet—if I had seen more from the same account, I would have known not to fall for it. But lots of tweets were flying yesterday and tweets from others separated that first tweet from the ones that followed, which were much more spammy (see examples below).

When I started the RockTheBoatMKTG account in January 2009, we used to see lots of tweets about cool Twitter (Web-based) apps that would analyze your Twitter account one way or the other. Twitter haters might point to this as evidence of tweeters' narcissism but I disagree. If you’re going to invest the time in what can be a very time-consuming activity, you’re eager to understand the impact it's making.

Toward the end of 2010, it seemed as if the innovation had cooled and many of the sites I used to rely on had slowed down or shut down. Sad. In the last several weeks, though, I’ve seen some interesting new apps (see Twiangulate and MentionMap) and have been wondering whether a Twitter app renaissance might be underway.

The tweet I saw yesterday suggested that TwitterStalker.net would reveal information about who was looking at your Twitter account profile and other viewing statistics. Of course, I thought to myself, someone has come up with a way to match the LinkedIn capability that enables people to see who has viewed their profile. Great!

So, I clicked on the link, which took me to a Twitter page seeking access to my account. As I stress in the Twitter training we provide (I know, I know), this should always give one pause—you are about to grant an app that you do not know access to your account. It's necessary, however, when you want the app to analyze the account in some way.

How It All Went South

I manage two active business Twitter accounts—@RockTheBoatMKTG and @AdvisorTweets. I shield @AdvisorTweets as much as possible and allow few apps to connect. When I do allow access, I revoke it immediately after I get the information I need. Although I maintain other Twitter accounts for testing, my RockTheBoatMKTG account is the account I do the experimenting with when I want to see real data analyzed.

So, after granting TwitterStalker access, I was taken to a page that required me to complete a brief survey on my choice of questions. I agreed to answer questions about Tide.

Was I suspicious at this point? No. I was intrigued by the notion that major brands would use a Twitter app offering premium content as a means of getting surveys completed. I was thinking about the idea for a blog post.

OK, I became somewhat suspicious when the Tide survey I agreed to take was actually a survey for Chili’s. And the screenshot below will show you what I missed while happily jumping through the hoops. Procter & Gamble (and note the mis-spelling of the company's name in the ad) doesn't endorse the offer and is not affiliated in any way with the promotion. The same goes for Chili's.

After I completed the survey and entered my email address, I was asked for my contact information so they could send me my choice of $250 gift cards. Nothing was adding up here. But I decided to continue to play along and provided some bogus information (I will be 21 next week).

Finally, the payoff: The results of the Twitter Stalker analysis. It was a list of images that looked like Twitter favicons and grayed out profile information. Based on the pictures, I’m pretty confident that those people are not interested in tweets about digital marketing for financial services and would not have been looking at my Twitter account page. There were no detailed statistics provided.

I was duped by what seemed to be no more than a name acquisition scheme. But wait, there’s more.

The Using And Abusing

I sent a tweet about TwitterStalker.net but it was more to set expectations and not an explicit warning. But I had underestimated it, which I realized as soon as I saw several tweets from myself recommending TwitterStalker. Because I deleted the tweets as soon as I sent them, the screenshots below are from my feed reader. Eke!

Obviously, I needed to revoke the app’s access to my account, which I quickly did using the Settings/Connections on Twitter. As an extra precaution, I've also changed the account's password. Finally, I sent a tweet to Twitter support asking them to check it out.

That tweet triggered a few tweets to me that no doubt came from the same bad actor whose aliases include @powiqytohy, an account that has since been suspended. No, I didn’t fall for this link.

But wait, there’s more.

I next received an email asking me to confirm something. I get it—now I am in filed in their system under People Who Will Click On Anything.

The email is formatted according to best practices that include a link to a Privacy Policy and a mailing address to an Austin, TX-based company called Firefly Digital Media. The Firefly Website describes the firm as being “an incredible vehicle for customer acquisition” and “a powerful platform for brand marketers. FDM is able to help identify customers that repeatedly show interest in specific brands and products. Over 20% of our active members have engaged in 10 or more marketing-related actions with us.”

Interesting but we can't automatically assume that this firm is responsible for TwitterStalker.net. Whoever commandeered my Twitter account (and others') might be doing the same with this firm's name. There are no names on the Website and I couldn’t find any mention of the company on LinkedIn. I’ve sent an email with a few questions to their contact email address. As soon as I hear back, I’ll let you know.

Takeaways?

I debated about whether I needed to tell you about this and concluded that I did. For the last two years, I’ve been talking and writing about the benefits of social participation and about Twitter specifically.

But it’s not all buttercups and rainbows. The popularity of the social networks inevitably attracts the Dark Side. As we have seen with malware and hacks on the computer and spam and phishing in emails, crooked types are a wily group. They are continuously improving their ability to lead people into making mistakes. (And, I should say, that Twitter in particular has been tenacious in its efforts to stomp out crime—by last night tweets complaining about TwitterStalker had ebbed.)

It's easy for people who haven't been stung to blame the ignorance of the people who are. Ignorance doesn't apply in my situation, I've navigated around a few of these before. I dropped my guard and wasn't paying close enough attention.

In the case of mutual fund and exchange-traded fund (ETF) marketers, inexperience due to your light tweeting could trip you up. Your team knows not to tweet without Compliance review. But they also need training on the tweets they follow while they're in "listening" mode.

My recommendation to you: Be on guard and, as you continue to distribute your social media involvement, train all to be on guard. Everyone wants to evaluate the return on what they're doing, and that makes apps like TwitterStalker (if it even is an app) that much more attractive. When you are tempted to see what a third-party app might offer you, use a dummy, non-branded account and see what kind of havoc is wreaked on it.

Your procedures should include a short list of apps that you will grant access to your Twitter account (e.g., a URL shortener, a desktop, smartphone and iPad Twitter client, an image-sharing app and an archiver). The rules should describe the circumstances under which that list is added to.

Yesterday it was consumer products brands like Tide and Chili’s. But as financial services have been targeted with phishing scams, leave room for the possibility that someone somewhere is cooking up a Twitter or Facebook or LinkedIn plot using your firm’s name. How will you handle that? A good social media strategy will anticipate such a scenario and sketch out a plan.

Making mistakes, fixing them and learning from what happened is part and parcel of what it means to be out there. Yesterday wasn’t my favorite day to be on Twitter but Wednesdays never are. I really like Thursdays.