Ralph Gardner Jr: Gone Phishing
Here’s the email my wife and I received from our daughter, Lucy. “Our IT guy made us all take this spotting scams quiz so I thought you guys might want to try, because I have a sinking feeling that I’m going to have to be the one to un(expletive deleted) your accounts once you fall prey to scams… anyway, here it is!”
I have no idea why my daughter gives me so little respect when it comes to technology. I consider my inability to problem solve, say, why I can’t get my phone to chime at an incoming message as proof of intelligence and talent, if not in the arcane field of adjusting the settings on one’s iPhone. I’ve got bigger fish to fry. For example, does technologically advanced life exist elsewhere in the universe and, if so, why would it waste its time contacting us?
I mean our species. Not people like my wife who still hasn’t mastered how to swipe upwards to access her phone flashlight.
The best explanation for our daughter’s condescension can probably be found in John Sebastian’s sentiment in Younger Generation, beautifully rendered at Woodstock in 1969: “Why must every generation think their folks are square?”
Indeed, I thought myself infinitely clever, scoring 100%, passing her test with flying colors. How did that happen? I didn’t open her email in the first place, recognizing it as a potential scam, albeit one disguised in the garments of backhanded filial affection.
Lucy agreed that my instincts were laudable but insisted that the email was legitimate – she’d had the same reaction when she received it from her organization’s IT guy – and that I should indulge her.
“Can you spot when you’re being phished?” the quiz begins. Or is it pronounced fished? “Identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know. Can you tell what’s fake?”
The first question was a Google doc email that contained a document titled “2021 Department Budget.docx” along with the explanation “Hey there. Here is the document you asked for. Let me know if you need anything else!”
Obviously, this was fake. Nobody in a position of responsibility would ever let me anywhere near a department budget document. I’ve never ascended high enough in any organization to be read in on anything having to do with money. So I hit “phishing” rather than “legitimate.”
“Correct” came the answer. “You must have spotted the look-alike URL.”
I didn’t. I’m not even sure what a URL is.
Next question. “You’ve received a fax. Click here to view this fax online.”
This is obviously also fake. I can’t receive faxes. When I set up my printer I couldn’t figure out how to connect it to the phone. Besides, do people send and receive faxes anymore? I hit “phishing.”
Right again. “Well spotted,” the quiz congratulated me. “As you saw, the sender’s email domain is misspelled as ‘efacks.’” To be honest, I didn’t spot that.
Question #3: “Hey, do you remember this photo?” The email’s sender is allegedly a friend from high school or college. I hit phishing and I’m right again. The quiz lauds me for spotting a URL slightly different than the school’s. I didn’t.
But what I always do these days when I’m suspicious is click on the email address rather than the attachment. I’d say I get an email every couple of days claiming that my AOL account has been hacked and frozen and I need to click on the link to liberate it. I’m aware that having an AOL account marks you as a candidate for hospice, someone over whom last rites may shortly be performed. By the way, I have other, hipper email accounts in case anyone dares to brand me as aged. But by clicking on the email address to see whether or not the email comes from AOL tech support you’ll find that the sender is something like Snookiebaby@thegym.com and delete it instantly.
Doing so lends me some of the pride I assume Defense Department spooks must feel hacking into Vladimir Putin’s Swiss bank accounts. Or more likely Fancy Bear, Russia’s cyber espionage group, successfully hacking into our power grid.
But before I could get too cocky I got the next four questions wrong. One informed me that my Dropbox was full and needed to be upgraded. I get those emails frequently and ignore them. But the sender turned out to be legitimate. Perhaps I’m prejudiced by my desire to avoid taking any action that threatens to incur annual fees.
Another question informed me that someone had stolen my password and told me to click on the link immediately. It was a phishing email. “In fact,” the quiz revealed, “this is almost identical to an attack used to successfully hack politicians’ emails.”
With due respect to my daughter, how am I supposed to protect myself if Russian cybercriminals are serious about accessing my account? Perhaps by avoiding email entirely or at a minimum acknowledging that all online communication is ultimately public and one should never include any information you wouldn’t feel comfortable reading on the front page of the New York Times. That’s always been my philosophy anyway.
The quiz ends by providing a link to Google to set up 2-step verification. In other words, they’ll send a code to verify it’s you. I clicked on that link. It seems to have been legitimate. So far my checking account hasn’t been drained. But that still doesn’t solve the larger issue. Convincing my daughter that I’m not as dumb as I look.
Ralph Gardner, Jr. is a journalist who divides his time between New York City and Columbia County. More of his work can be found at ralphgardner.com