I know it’s no laughing matter, but I have to admit I thought it was a little bit funny. I have this friend who just had her email hacked—after which every contact in her email address book (hundreds) received a mysterious message. The subject line simply read, “HELP!” And the body of the message relayed, in grammar and punctuation that was less than perfect but far from atrocious, that she was in crisis. It seemed she and her family, while on vacation in Scotland, had just been mugged at gunpoint. All wallets and tickets were stolen. They apparently were getting no help from their credit card companies, and now they couldn’t access enough money to purchase new tickets back home. They needed some “financial assistance.”
To me, the message was blatantly fake. That might be due in part to the fact that my husband makes a living as a network security director. It might also be due to the fact that this particular friend is also my neighbor, and that very day, my mother-in-law was babysitting her children. I knew they weren’t on vacation anywhere, let alone in Scotland. Yet throughout the day, I received multiple calls, emails, and in-person questions from people who just needed to be sure this wasn’t real. My friend had the same experience; her cell and home phone practically rang off the hook all afternoon, largely from people she hadn’t spoken with in forever, who thought it was a hoax but were willing to help if it was real…but they weren’t certain.
That evening, as my friend and I sat with our husbands over a beer, we commiserated about this awful email hacking problem. We all know someone who’s been through it. The victims always wonder what they did wrong, why were they targeted, what do they cancel, and are they safe? My friends had to cancel numerous things, change email addresses, chide Google (who was rather unhelpful, to say the least), and generally step up security—it really was not funny. It was a violation.
Except, on one level, it was slightly comical: How ironic that, some 15 years after most of us ought to have formed a rather intimate relationship with communication via email, we still have just the tiniest smidge of difficulty discerning truth from fiction when the correspondence is electronic.
Ah, email. You clever, handwriting-less, tone-less, ambiguous faux letter, you. You trick us with your convenience, your speed, your seeming efficiency. But how many times have we—as employees, friends, or family members—been just a teensy bit baffled at that double exclamation point, the random winky face, or that one correspondent who insists on using ALL CAPS? Is that anger we read? Humor? Condescension? Flirtation?
So, sure, I get it. You see an email from a close friend, or maybe just the agent who sold your house a few years ago, and it says, “HELP!” and begs you, in a roundabout, quasi-plausible way, for money. And it doesn’t tell you where to send it, and it seems…well, it’s Scotland. We’re in Southlake. It seems like a place that someone you know might go on summer vacation. More believable than, say, Nigeria? I don’t know. It’s just enough to confuse you. So you write back, and you ask, “Is this for real?”
And then they have you. Ta-da! They immediately follow up with instructions on how to get the money to them, maybe drop a few more tidbits they picked up from your personal profile on email, or the Facebook account they also hacked into, enough to convince you they’re legit, and they get $50 from Aunt Beatrice and $250 from your old college frat brother, and so on… and that’s how they do it.
There are several morals to this story:
1) The cynics out there (ahem, my husband) will tell you first to never, ever use (or repeat) a simple, predictable password for any account you use online. You can download an application called a password manager that will randomly generate and then store all your passwords for you. You won’t ever have to create or remember a single one. I personally think this won’t do much to protect you from those who just buy illegal password databases on eBay (yes, they do that!) or the “bots” (the automated programs that spew out possible letter/number combinations between usernames and passwords until they reach a match), but I suppose it’s sound advice. Remember that a password broken in a “harmless” account can many times open a path to a more valued account. If you are ever hacked anywhere, change ALL of your passwords.
2) Just as important as the whole password thing: Try not to check private accounts when you’re communicating over an unsecured network. I’m talking about that bookstore or coffeehouse with public WiFi when you’re on your laptop or cell phone. The walls have ears, if you catch my drift. Paranoia? Perhaps. I’ll let you talk to my friend about that.
3) Tell all your friends, relatives, coworkers, and neighbors that you will never, ever send them an email asking for money if you are in a serious jam. That’s why we have cell phones, pay phones, police stations, and the like. If you’re a James Bond type and envision some dastardly scenario in which there’s a fraction of a chance you might EVER ask for cash by email, come up with a passphrase that only you and your close friends and family—you know, the ones you might actually go to in a pinch—will know. The hackers are getting better at their English grammar, and one day, they might confuse even the most cynical among us if we don’t have an extra safety measure in place.
4) Trim your contact list. If you’re going to get hacked, do you really need the 800 people you emailed over the last 10 years to know about it? It’s not a Facebook friend count, it’s your address book. No prestige here, folks.
5) Practice good email etiquette. If you are going to communicate by email, then learn how to write it and read it. Believe it or not, there are entire books written on the subject. Because we cannot gauge handwriting or hear voices, we have to rely on the visual in email: punctuation, capital letters, the use of images, and so on. Establish an email identity for yourself that’s uniquely yours—akin to the way you’d wave your hands while telling a story, or dot your i’s and cross your t’s. The people you correspond with will learn how to understand your tone by your consistency, and they’ll never confuse you with a spam artist.
All the security stuff aside, I should mention that I’m writing this from Brazil, where I happen to have misplaced my purse, and I was wondering… could you send me some money for a 5-star hotel?