If you receive a Direct Message on Twitter saying “hey someone is making up shocking posts that are about you…” (or similar) it’s SPAM and you shouldn’t click on the link.
It looks like this, I’ve received 2 instances from seperate accounts in the last 12 hours:
On both occasions the message was sent as a Direct Message not a @mention and the link is a bit.ly style link that doesn’t reveal its source until clicked.
The best course of action, as is always the case if you’re not sure, is to DELETE the DM and politely inform the holder of the account that they should update their password.
UPDATE: It appears once the account has been compromised the bot sends out tweets from it like this:
Best course of action in this case is simply to ignore that Tweet.