Nov 23rd, 2022 - 09:26 am
We want our community and the broader web3 community to become bulletproof when it comes to setting themselves up for success and avoiding scams in the space. Historically, the largest attack vector we've seen has been Discord, but Twitter is creeping up, in a big way.
Let's learn how to make ourselves less susceptible to Twitter scams with five easy settings changes! Open the settings menu by clicking "More" (on desktop) → Settings and Support on your Twitter page, then follow the bolded italicized paths below to change each setting.
Privacy and Safety → Direct Messages: Similar to the advice we give in our Discord classes, disabling DMs from accounts that do not follow you is highly recommended, especially if you are not in an inbound support role. Most scam DMs come from accounts you have never interacted with. If someone really wants to DM you, they can first @ you on Twitter, and you can decide from there whether to follow them and open the conversation.
This is how I have my DM settings configured. We recommend you do the same!
Security and Account Access → Security → Two-Factor Authentication: We did a long article on broad social media security, here. A key takeaway is that phone number (SMS) two-factor authentication is easy to bypass and compromise, for example through SIM swapping or a phished one-time code. We suggest getting a YubiKey or using an app-based solution like Google Authenticator or Authy. In some cases, you can even use your hardware wallet as a second authentication factor (FIDO 2FA for Ledger instructions)!
A security key is best, but an authentication app is fine; just make sure you secure those backup codes, since anyone holding them can bypass your second factor.
Privacy and Safety → Mute and Block → Muted Notifications: Did you know you can limit which accounts are able to notify you? One of the biggest scam vectors is mass-tagging of scam links disguised as giveaways or similar, usually from fresh, throwaway accounts. At the very least, I recommend you mute notifications from, in order of priority:
This is how I have my personal settings configured. But I'd recommend the phone number one as well!
Security and Account Access → Apps and Sessions → Connected Apps: Connecting third-party apps can seem harmless, but it is worth doing an occasional audit of what you have granted access to over the years, whether those services still exist, and whether the risk profile of that access has changed. If one of these services gets hacked, or your account on that service gets hacked, an app with write access can post and DM as you, which is exactly how many scam links end up on otherwise legitimate accounts.
Make sure that wherever you have provisioned write access, it is an extremely reputable service, and that you protect your account on that service at least as well as you protect your Twitter account! Revoke anything you no longer use.
A list of services that have access to Feld's Twitter account
Under Notifications → Filters, enabling the Quality filter can help rid your notifications of duplicate and spammy tweets. It isn't perfect, but it will improve your Twitter experience if you don't already have it enabled!
A simple quality filter may not be that effective today, but any reduction of spam is a good thing in our opinion!
And that's it! Have any other suggestions for us or settings that you have configured on Twitter? Tweet at us @BoringSecDAO!
Have any questions or want to learn more about web3 security and stay up to date on the most current security information, scams, and tactics? Join us in our discord at https://discord.gg/boringsecurity .