Bank of America’s website and mobile apps are generally a showcase of best practices. The bank spends millions each year ensuring a pixel-perfect UI. But no one is perfect.

Looking at its Contact Us page today (screenshot above), we were glad to see options to reach out via Facebook Messenger or Twitter Direct Message. The Facebook instructions were pretty straightforward. Click the link and use the Send Message button.

But we were surprised to see incorrect instructions for doing the same via Twitter. The hyperlink leads to the public Tweeting function on Twitter.com. So instead of sending a private direct message to the bank, users may unknowingly be tweeting publicly to the bank. And since that type of Tweet doesn’t show on the user’s main timeline, but only on the “Tweets & Replies” timeline, users may not even realize they publicly posted sensitive or embarrassing info.

Don’t make the same mistake. If you send customers to Twitter for support, make sure you say something along these lines:

On our <bank’s> Twitter page, click the Message button on the left. Then type us a confidential direct message. Do not include any sensitive information such as account numbers or Social Security numbers. And do NOT use the Tweet button or regular Tweet function, or your message will be visible to anyone who looks at your “Tweets & Replies” area.

Bottom line: Social media messaging is a good customer service option for many customers.

But you need to protect customers from themselves with plain-language instructions and warnings.