I have received a lot of spam in my day, and I have looked at some of it to see what tricks the bad guys are playing. I received this e-mail on my phone this morning. Please note, it was in my Inbox, and did not go into Junk.
Does Microsoft use contractions? You’ve in place of You Have? Usually not… but the truth is there are a lot of cases where I have seen Microsoft try to get chummy with us. That is not a decider.
Do they send e-mail from microsoftexchange5297e09415b…? Usually not… but they certainly used to, so this is not really a guaranteed decider.
When I looked at it on my computer (in Outlook), it looked a bit different:
Wow… what a difference! But here’s the problem… how does the average layperson who may only check his or her e-mail on his phone know what to trust? It is getting harder and harder. For those of us who are tech savvy enough to know that you can press the e-mail address and see that it does not end in @microsoft.com, but in @bluemail.ch, we are good. My father would never know to do that… or even think that it might be an issue. Seeing this email on his phone he might wonder how eleven messages failed to get to him, and run to click.
I saw a debate on a Facebook group that debated the pros and cons of anti-malware software versus common sense and careful training. For the average user, anti-malware and spam filters should not be an option, it should be a requirement.
Then what? What happens if I (or my father) would have clicked on the Review Messages button? Well, I am not interested in trying it to find out… but I would not be at all surprised when one of the two things were to happen:
- The link would install malware on my phone, sending all of my information (including passwords for financial institutions) back to… whoever the scum behind the scam are; or
- I were taken to a page where I was asked to reconfirm my credentials… for security purposes.
Friends, the Internet is not a safe place. Every step you take on the net is a minefield, and around every corner someone is going to try to hijack your data. They are going to try to steal your identity and rob you blind.
The problem is worse than it sounds… if you are walking through Downtown L.A. and someone pulls a weapon on you and steals your wallet, watch, keys, whatever… you know. You get to a phone and call the police, and then you cancel your credit cards and get a new driver’s license. When you are robbed online you do not know until you realize that your credit cards are maxed out and your credit score is ruined.
When I talk about the Wild West, I am not kidding… there may be a sheriff in the occasional friendly town, but for the most part you are in the wild, and the banditos are everywhere… and there is nobody you can call and if there was there is nothing they can do.
So what do you do? You have to arm yourself… with knowledge. You have to be ever-vigilant, you have to know how to protect yourself… you have to know what alleys not to turn down, what rivers are safe to cross, and where there be dragons and only the fools dare go. Several years ago I developed a ninety-minute lunch-and-learn session called ‘How to Scare the @%!# Out of End Users.’ It was a session I delivered for a client whose systems had been hacked because of careless user activity… sort of like closing the barn door after the horses left, but it would have helped them going forward, Maybe it’s time I – or someone – develop a similar session to protect people on-line.
Who’s it going to be?