fraud

I had a legitimate request to re-enter some credit card details the other day and still I hesitated. We are so used to these so-called phishing spam scams. So many of the details were legit – it was for an online backup service that I do use, that was the name of the machine that backs up to it, that was the right renewal date and the expired credit card number was correct – that I didn’t just chuck the email away. But I also didn’t click on it: I separately went to the online backup company’s website, logged in there and checked the details.

But apparently that’s unusual. And so unusual that I can’t brag about it: the odds are that I’ve been fooled by scams before and will again. Seriously. You get these stupid spam messages and you wonder how anyone can be taken in by them. Intellectually you realise they must be because the spam keeps coming, it must be worth the spammers’ time, but you will be head-jerk-backed shocked at how effective those emails are at getting people’s details out of them:

Even on the worst-performing phishing websites, 3 percent of users still submitted their data. On the most effective phishing sites, as many as 45 percent did.

Google notes in its write-up that this is big business for scammers, as one attacker can be responsible for millions of phishing emails.

Once a hacker is able to access someone’s account, they spend an average of three minutes figuring out how much it’s worth, and will apparently move on if the account doesn’t seem valuable enough. According to the study, hackers use Gmail’s own search function to figure out if an account is worth their time, looking for terms like “wire transfer” and “bank.”

What happens next probably won’t surprise you: The hacker tries try to get money from an account’s contact list. They send emails to the person’s friends, family and colleagues with fake stories like “we were mugged last night in an alley” in the hopes of getting them to send cash.

Google Study Finds Email Scams Are More Effective Than You’d Expect – Damon Beres, Huffington Post (7 November 2014)

Read the full piece for more details and some advice about stopping being scammed. Mind you, if you’re reading this and you also click through to read that, you’re probably more aware of the issue than most people. And being aware is a key protection.

On April 8, 2013, I received an envelope in the mail from a nonexistent return address in Toledo, Ohio. Inside was a blank thank-you note and an Ohio state driver’s license. The ID belonged to a 28-year-old man called Aaron Brown—6 feet tall and 160 pounds with a round face, scruffy brown hair, a thin beard, and green eyes. His most defining feature, however, was that he didn’t exist.

I know that because I created him.

How to Invent a Person Online – Is it possible to be truly anonymous in the digital world? – Curtis Wallenjul, The Atlantic (23 July 2014)

It’s like a modern Day of the Jackal. A riveting and just a little bit eye-popping account of creating a fictitious persona. Do read the full article.

William Gallagher

How to be a productive writer and when not to be

We are fooled by spam – we really are

I am not a number. I am a free (fictional) man