
Stop and think to foil spam opportunists

Tony Larks recounts a personal experience ….

Things move pretty fast in cyber space. We’ve all been pulled along on a web-based rollercoaster ride of technological ingenuity and innovation over the past 15 years, bringing us more and more ways to stay in touch and share our lives. It’s easier than it’s ever been to send a message, post a Tweet or status update or share a photo with friends and family. But it pays to stop and think too, because the bad guys certainly are.

Here’s a case in point. I decided to update my Facebook password recently – a good habit to get into every month or two by the way. Given the recent Twitter password breach, where the log-ins for 250,000 accounts were compromised, it made extra sense to exercise this kind of good virtual housekeeping. At 9.49am I received an email notification from Facebook checking it was me who requested the password change. At 10.01am I got a note from my email provider asking me to reconnect to Facebook, which I did. Job done.

At 13.48, however, an opportunist spam email from an online fraudster masquerading as a Hotmail admin notice asked me to re-verify my account. As it turned out, the email was pretty badly spoofed and easily detected as a fake, so I ignored and deleted it. Would you have done the same?

It’s easy to spot it now in the cold light of day as an obvious fake email designed to steal my log-in credentials. But following close after the other two emails, it proved pretty compelling and if I had been busy, caught on the move or distracted at the time, it may even have worked. This particular message was sent early on Monday, perhaps in the knowledge that this time of the week is often when users get around to some basic housekeeping tasks on their PC – clearing out emails, re-setting accounts and so on. In some ways spam in this context is like a very crude form of marketing – get the timing right and the bad guys stand a much greater chance of success.

So how do we stay safe from opportunist spammers like this? The most important thing is to stay vigilant. It’s easy, especially when we’re checking emails or surfing the web on our mobile devices, to get distracted, to click through without looking. Always stop and think, and if in doubt, ignore or email your service provider to check if they sent you such an email. If an online account is reset by your provider you’ll be asked to submit new log-ins on visiting their site anyway, so it pays to be cautious. Of course, also make sure you have up-to-date security software with cloud-based scanning capabilities. These should automatically block any malicious or suspicious links in emails or on social media.
