You are going to receive this Direct Message (DM) sooner or later. Perhaps you will also meet its cousin, “Hey this person is spreading horrible rumors around about you!”
People immediately think the account sending this is spam or hacked. More likely, the sender just happened to authorize a bad application. Each time you use a Twitter application you need to authorize it to use your account. Some bad apples use this opportunity to send DM spam. You won’t see these messages being sent until somebody tells you, which is why it is so important to alert folks who are sending DM spam.
The solution? The person who sent the DMs must check and revoke any applications they don’t know, trust, and use here: https://twitter.com/settings/applications
You are looking for something that has the following Permissions: “read, write, and direct messages.” Simply click “Revoke access.”
It is also a good idea to change your password.