Security & Privacy Archives

There’s another phishing attack on Twitter, and yet again it’s being spread by direct message.

(You can read all the details over at Mashable.)

Here’s what I think you need to do. If you get any of these malicious direct messages, please don’t click on the links, but do make a note of the user(s) that sent them to you. Is that name familiar? Have they fallen foul of these phishing scams before? Several times?

Yet Another Phishing Attack On Twitter – Please Protect Yourself By Unfollowing Repeat Offenders

Do they always seem to be affected by these kinds of exploits?

If so, unfollow them. Don’t hesitate, do it right now. And seriously, seriously consider a block, too.

Reality check: it’s probably a safe bet that virtually every single one of us will be conned by something on the internet before we bite the dust. As human and artificial intelligence-slash-guile continues to develop, we’re all potential marks.

People make mistakes, and when something happens to somebody else on Twitter it’s fantastic if you can take a moment to explain to them what they did, and hopefully educate them enough so they won’t do the exact same thing a month or two later.

But if you have users in your network who are always getting tricked, and who are repeatedly getting their accounts compromised, then you need to let them go. Because nice as they might be as people, as long as you’re connected then their neglect and technical naivety becomes yours (by proxy).

It’s a phishing attack today – it might be something a heck of a lot worse this time next week. This might seem harsh, but this is your security at stake. And while there’s any kind of link between you and them, and despite how savvy you think you might be, the odds of YOU getting caught out will continue to increase dramatically each time they screw up.

(PS. If it makes you feel better, send them an email or open tweet explaining why you had no choice. Just don’t click on any links that they send back.)

Over at the official Twitter blog, there’s news of a new internal URL shortener that Twitter has added to the platform.

The shortener, twt.tl, cannot be accessed directly at the moment. Instead, Twitter plans to route all submitted URLs through this new service so that it can “detect, intercept, and prevent the spread of bad links across all of Twitter”, adding that even if a link is shared by a different method (e.g., email notification), they will be able to keep the user safe.

Since these attacks occur primarily on Direct Messages and email notifications about Direct Messages, this is where we have focused our initial efforts. For the most part, you will not notice this feature because it works behind the scenes but you may notice links shortened to twt.tl in Direct Messages and email notifications.

It’s worth noting that when you see a URL shortened to twt.tl it doesn’t mean that the contents of that link are bad. One assumes that when malicious data is contained within a link, Twitter will simply re-route the user through to a stop page that prevents them from being affected, hopefully with an explanation as to what happened, alongside some encouragement not to retweet.
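To make the mechanism described above concrete, here is an added illustration (not Twitter's code, and not twt.tl itself) of how a link wrapper of this kind works: outgoing URLs in a message are replaced with short wrapper links, and it is the wrapper, not the sender, that decides at click time whether to redirect to the real destination or show a stop page. The wrapper domain `wrap.example`, the blocklist entries and the sample message are all constructed placeholders.

```python
import hashlib
import re
from urllib.parse import urlparse

# Hypothetical wrapper domain standing in for twt.tl in this illustration.
WRAPPER_HOST = "wrap.example"

# Constructed blocklist of hostnames (placeholders, not real malicious domains).
BLOCKED_HOSTS = {"phish.example"}

# token -> original URL; in a real service this would be a database.
_store: dict[str, str] = {}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def wrap_url(url: str) -> str:
    """Store the original URL and return a short wrapper link for it."""
    token = hashlib.sha256(url.encode("utf-8")).hexdigest()[:10]
    _store[token] = url
    return f"https://{WRAPPER_HOST}/{token}"


def rewrite_message(text: str) -> str:
    """Replace every URL in an outgoing message with its wrapper link."""
    return URL_RE.sub(lambda m: wrap_url(m.group(0)), text)


def block_host(host: str) -> None:
    """Add a hostname to the blocklist; applies to links wrapped earlier too."""
    BLOCKED_HOSTS.add(host.lower())


def is_bad(url: str) -> bool:
    """True if the URL's host, or a parent domain of it, is blocklisted."""
    host = (urlparse(url).hostname or "").lower()
    return host in BLOCKED_HOSTS or any(
        host.endswith("." + blocked) for blocked in BLOCKED_HOSTS
    )


def resolve(wrapped_url: str) -> tuple[str, str]:
    """What the wrapper does when someone clicks a wrapper link.

    Returns ("redirect", target) for a clean link, or ("stop", reason) when
    the link is unknown or its destination is blocklisted. The decision is
    made at click time, so a destination blocked after the message was sent
    is still intercepted, even if the wrapper link was copied elsewhere.
    """
    token = urlparse(wrapped_url).path.lstrip("/")
    target = _store.get(token)
    if target is None:
        return ("stop", "unknown link")
    if is_bad(target):
        return ("stop", f"blocked destination: {urlparse(target).hostname}")
    return ("redirect", target)


if __name__ == "__main__":
    # Constructed sample direct message containing one bad and one clean link.
    dm = "is this you? http://phish.example/login also http://good.example/post"
    sent = rewrite_message(dm)
    print(sent)
    for link in URL_RE.findall(sent):
        print(link, "->", resolve(link))
```

The point the post makes about links shared "by a different method" falls out of the design: because the wrapper link, not the destination, is what circulates, a later `block_host` call changes the outcome for every copy of that link at the next click.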

More details as they emerge.

Earlier this week I started getting some curious emails from Twitter that informed me that some users had requested to follow me on the network. How strange, I thought – my status updates aren’t protected, so why not just click on the follow button like, you know, everybody else?

Well, this was a little different – they’d searched for me via my email address and Twitter then asked me for my permission, adding that the reason it was doing this was because my account wasn’t configured to let users find me by email.

The message also presented me with options to change these settings, and I promptly clicked on the ‘do not let others find me by my email address’ link.

Why? I’m not completely sure, to be honest, but something about it didn’t feel right. Concerns I had with the privacy implications of using Google Buzz were still lingering in my mind, and even though there’s a chance that some who search for me by my email address actually know me, because I readily share my email openly it’s significantly more likely that the majority will be spammers. Gmail handles 99.99% of that incoming spam for me – Twitter does not.

Earlier today, I logged on to Twitter.com and was presented with this pop-up.

Twitter Now Lets You Opt Out – Or In – Of Being Found By Your Email Address Or Mobile Number

This also gave me the choice to opt-out of being found by my mobile number, too, which I took. While there’s every chance that searches done by this method will be legitimate, there’s something about it that doesn’t feel right. Why not just search for my name? It’s unique enough that these other options aren’t really necessary for me. I suppose for the John Smiths of this world, and certainly those who keep their email address very private, it might be a little different.

Or not – the implications of being tracked by your email address or mobile number are significant, certainly if you wish to maintain a level of anonymity or privacy. I’m not a fan of the former, but that doesn’t mean that the latter should not be completely respected. Your boss likely knows your email address, as does your ex, and several other people that you might not want to be reading your tweets, or at least being able to definitively connect them with you.

As my friend Neil says:

I have no problem with someone authenticating their true identity privately with the provider. But I firmly believe that a person should be able to keep their true identity private from their online associates or lurkers.

And so, by being able to search by e-mail address, twitter has violated a trust – the trust given when the person signed up with the required e-mail address, assuming that information would be kept confidential.

To be fair, by providing us with this pop-up opt-out Twitter has taken some responsibility here. And the emails I received earlier in the week might have been part of their usual, stagger-in beta process where a few (lucky) users get their hands on the new stuff first. And we have been able to find users via their email address for some time. I have no problem with that, but there’s still something about this that makes me a little uncomfortable.

For starters, it’s on by default. (Update: It’s marked on when you see the pop-up, but you are not automatically opted-in. See the comment below from Twitter product manager Josh Elman.)

I wonder how many will ignore the pop-up, or not realise the implications of being located using these methods. For many it won’t make a lick of difference. For some, it could be very important indeed.

I’m probably being a little overly paranoid and will perhaps adjust these settings in the future, but while I think it is somewhat useful for people you already know to find you within social networks, it’s not as important as being found by new people. Who won’t, naturally, know your email address or phone number, and so will have to find you because you’re standing out, by being interesting, useful and engaging.

My friends? They’ll probably ask me down the pub.

Are You Being Bullied On Twitter?

Cyber-bullying takes many forms. StopCyberbullying.org describes it as:

When a child, preteen or teen is tormented, threatened, harassed, humiliated, embarrassed or otherwise targeted by another child, preteen or teen using the Internet, interactive and digital technologies or mobile phones.

A study by the National Crime Prevention Council suggested that cyber-bullying affects almost half of all American teenagers. But it’s not just children who are at risk. Because it’s so easy to register an account on Twitter (and to do so anonymously), it’s also very easy to use that account for malice.

This would include attempting to hurt or embarrass another individual by:

  • Sending provocative images
  • Making overtly sexual remarks
  • The use of hate speech or racism
  • Making threats
  • Disclosing personal information
  • Defamation
  • Faking or sharing images without consent
  • Tweet-bombardment

Computer harassment is a crime in several US states, cyber-stalking is classified as a criminal offense in the United Kingdom, and it is increasingly being perceived as such around the world.

Unfortunately, Twitter’s abuse policy is pretty lacking. Their TOS do not directly address abuse, but the official Twitter rules have a specific section for harassment and violent threats. What the organisation needs is a designated @abuse account, and ideally a checks and balances system for registration.

If you feel you are being bullied or victimised by another individual on Twitter, there are some steps you can take.

  1. Block the account. This won’t prevent them from maintaining their behavioural pattern, but at least you won’t have to see it.
  2. Report the user to Twitter via a help ticket. Be thorough, and include examples linking back to specific tweets where possible.
  3. Consider sending a tweet to @delibus and @safety reporting the user.
  4. Make a backup of all abusive tweets using your favourite image software (e.g., Photoshop), as things can easily be removed by the other user. Your backup won’t be proof alone, but Twitter should be able to match up your records with their own, even if the tweets have been deleted.
  5. Highlight the abuse to somebody else that you trust. This person can later function as a witness.

While not reporting abuse in the hope that it will eventually ‘go away’ is not the best course of action, completely ignoring the abuser is an excellent choice. By not feeding the trolls, you can prevent an attacker from getting the things they typically desire, such as validation, a larger audience and even confirmation of the things they are saying. It also helps to reduce the chances of anything becoming public, primarily because it doesn’t become part of your own Twitter timeline.

That said, there can also be some merit in exposing the person publicly on Twitter. This is not always ideal, certainly when your personal information has been exposed, but in some instances it can lead to an immediate end to the abuse, as well as providing a warning to others within your network.

Of course, even if the abuse stops, either because the other user gives up or Twitter suspends their account, this doesn’t prevent them immediately opening up another profile and starting over. If this happens, and until Twitter radically improves their blocking and safety measures, your only option may be to consider protecting your status updates. While this puts the social part of social media somewhat in jeopardy, this is a realistic solution if you wish to maintain a strong level of privacy on Twitter.

Back in August, I wrote an article that noted how Robert Scoble had unfollowed everybody on his Twitter network, and was basically starting over. This mass-unfollowing began to gain momentum around this time, and pretty soon several of the bigger names on Twitter, many of whom automatically followed back everybody who followed them, were seriously optimising their Twitter stream. Even Jesse Stay, whose SocialToo platform was the benchmark autofollower (but has other value), decided to start over.

Why? As I said at the time, Twitter simply doesn’t work when you follow thousands and thousands of people. And when you auto-follow, it’s even worse, as it won’t be long before the bulk of your stream is made up of spammers and bots, and even worse, internet marketers.

In the last week, both noted Silicon Valley blogger Louis Gray and Hubspot viral marketing scientist Dan Zarrella have also had what could be politely referred to as a ‘bit of a trim’. Louis’ follow-to-follower ratio has been 1:1 (or thereabouts) as long as I can remember.

Here’s what they’ve done over the past few days:

The Secret To Twitter Success? Targeted Following

Scoble subsequently hand-followed over seventeen thousand users manually, and while he’s often the exception that proves the rule, the rest of these guys – Jesse, Louis and Dan – have taken Scoble’s lead and manually followed several thousand themselves, too.

And here’s the good news: because they’ve done this, it means you don’t have to.

What’s happened here is this group – and many others like them – have stripped away all the clutter and noise that comes from following everybody, which has then massively improved their signal and focus. Their network is now targeted and optimised. Everybody needs a follow policy, but this is particularly true for the thought leaders and influencers.

The best part is because these guys have adopted a targeted following system, you don’t have to follow everybody they do to get the access to all that good stuff. You just have to follow them. Collectively, Scoble, Louis, Jesse and Dan follow around thirty-seven thousand people.

To have access to all that rich information, you just have to follow four.

Sure, you won’t see everything they do, and you’ll naturally be exposed to their own bias and prejudices about what they decide to share, and what they decide to ignore. And this is where your own targeted following comes to the surface. Each of these guys are pretty sound, and I think come with a boatload of trust and clout. So I’m happy to follow all of them, and for what it’s worth, I give them my endorsement to you, too.

(It’s pretty much all tech, of course, but you knew that anyway.)

But you can’t just follow a handful of people on Twitter, as that’s worse, in my opinion, than following everybody. Where these guys have taken another look at their networks and essentially started from scratch, so can you. You don’t have to unfollow everybody to do this, either. Just take a day or two to carefully analyse your followers, making the cuts where necessary and appropriate. Don’t be scared – trust me, Twitter, your Twitter, will improve dramatically as a result.

For me, Twitter works best when I’m following three to five hundred people. For you, the magic number might be less than a hundred. Or no more than a thousand. Whatever that number is, only you can find it, and it’s absolutely worth putting in the work.

On that, I think when Chris Brogan finally caves, and gives up a sizeable chunk of that 108,529 on his following list – which really must be an absolute nightmare, especially for a guy who’s all about engagement – then we’ll probably have the final piece of this cycle in place.

Brogan has written about how he likes to follow back everybody because it gives them a chance to contact him via direct message, which is admirable, but I know from personal experience of testing automatic follow-backs – even if they’re done on a manual basis – that what you end up with in your direct message inbox is 90% spam, ‘thanks for following me’ auto-DMs and that TrueTwit validation nonsense that only mass marketers and spammers seem to use. And as a result, the direct message system just falls apart, as most of your day ends up being about clearing it out.

Brogan is one of the few bona fide shining lights in the world of social media, but if you take a moment to peruse his following list you’ll see how it’s made up of so many of the kinds of people the rest of us try to avoid (and usually block). It can’t be long until even he cracks. And the smart money will be on Darren Rowse next.