Fortunately, victims can revoke API access relatively easily by navigating to their Twitter settings and disabling the connected app. It is advisable for all Twitter users, whether targeted by this phishing campaign or not, to regularly review their security settings for good internet hygiene.