We are fooled by spam – we really are

I had a legitimate request to re-enter some credit card details the other day and still I hesitated. We are so used to these so-called phishing spam scams. So many of the details were legit – it was for an online backup service that I do use, that was the name of the machine that backs up to it, that was the right renewal date and the expired credit card number was correct – that I didn’t just chuck the email away. But I also didn’t click on it: I separately went to the online backup company’s website, logged in there and checked the details.

But apparently that’s unusual. And so unusual that I can’t brag about it: the odds are that I’ve been fooled by scams before and will again. Seriously. You get these stupid spam messages and you wonder how anyone can be taken in by them. Intellectually you realise they must be because the spam keeps coming, it must be worth the spammers’ time, but you will be head-jerk-backed shocked at how effective those emails are at getting people’s details out of them:

Even on the worst-performing phishing websites, 3 percent of users still submitted their data. On the most effective phishing sites, as many as 45 percent did.

Google notes in its write-up that this is big business for scammers, as one attacker can be responsible for millions of phishing emails.

Once a hacker is able to access someone’s account, they spend an average of three minutes figuring out how much it’s worth, and will apparently move on if the account doesn’t seem valuable enough. According to the study, hackers use Gmail’s own search function to figure out if an account is worth their time, looking for terms like “wire transfer” and “bank.”

What happens next probably won’t surprise you: The hacker tries to get money from an account’s contact list. They send emails to the person’s friends, family and colleagues with fake stories like “we were mugged last night in an alley” in the hopes of getting them to send cash.

Google Study Finds Email Scams Are More Effective Than You’d Expect – Damon Beres, Huffington Post (7 November 2014)

Read the full piece for more details and some advice about stopping being scammed. Mind you, if you’re reading this and you also click through to read that, you’re probably more aware of the issue than most people. And being aware is a key protection.

Important: new Facebook hack

If it happens to you, this is how it goes. You get a friend request from someone you know – they may even be Facebook friends with you already – and when you accept it, you get a message asking how you are. If you reply to that, you’re now into a long conversation that says it’s about the CFDA. Reportedly that’s the Something Federal Domestic Assistance that offers grants and your friend says they saw your name on a list of people who are being awarded them.

I’ve never heard of this lot but I am applying for various grants to do certain projects and, I’ll put my hand up, I was fooled.

What happens next is that your pal says it’s best if they send you a Facebook link to someone else. I don’t want to name the one I was sent in case that’s another unfortunate soul being used, but when you click to send that person a friend request, they accept and suddenly you’re in a conversation with them too.

That’s where I got out.

Call me slow.

Especially as my friend is a poet and her messages were full of mistakes. I did just reckon she was in a hurry, but still, there are standards and she wouldn’t write like that.

So I’m slow and thick but watch out for it happening to you, okay? I don’t know where the story would’ve ended up going but I don’t think the odds are high that we’d like it.