This appeared in my email this morning as I scanned the inbox on my iPhone for whatever came in overnight.  

Now, being an IT professional with a number of network security certifications, the chances that I would actually fall for this are essentially nonexistent . . .  yet I will admit that my initial gut reaction when I saw the message was something like, “Oh crap – how did this happen.”

In the amount of time it took for a few of my pre-caffeinated neural synapses to wake up I actually wondered why PayPal would have closed my account.  In a post French-roast state this might have been milliseconds – but as I had not made it down to the kitchen to visit Mr. Keurig yet it might actually have occupied my mind for several entire seconds.

And so I understand why people fall for emails that, to me, are obviously phishing scams.  I know that PayPal would never send out such a message with a blind link requesting that I reveal my credentials.  I know that PayPal would never just “close my account” because of suspicious activity.  I know that credit card providers don’t share information about unusual charges on my account with merchants like PayPal.  I also know that legitimate emails from a company like PayPal would not be replete with multiple phrases written by someone who could obviously benefit from an extensive remedial course in sentence construction.

There are plenty of other clues that email messages like this are an invitation to create serious havoc in your life.  So as a public service I will use this as an opportunity to remind all those who happen by of a few basic rules to live by when messages like this manage to sneak past your junk-mail filter.

  1. Never follow a link in an unsolicited email to a page where you will be asked for ANY sensitive information including user names and passwords.
  2. Never follow a link in an unsolicited email that seems out of context for the sender.
  3. Remember that legitimate financial institutions and vendors will NEVER send out a message like this.  If you suspect that such a message might actually be legitimate, close the email, open your browser, and go to the site yourself like you normally would.  NEVER USE THE EMBEDDED LINK IN THE EMAIL.

And finally, a note about passwords.  I know it’s a pain in the rubber parts, but please do yourself a favor and develop good password habits.  The following rules apply to any account you have that you don’t want some Ukrainian whiz-kid accessing.  This obviously includes things like online banking accounts, merchants that might store your credit-card information, email accounts . . .  essentially any account that you care about:

  • Use a unique password for each account.  NEVER use a password for your online banking account or an account like PayPal for ANY OTHER PURPOSE.
  • Don’t use trivial passwords like 12345 or (God forbid) “Password”.
  • Don’t use common words, your spouse’s name, your birthday, or the name of your pet.
  • Do use combinations of different character types.  Mix uppercase, lowercase, numeric, and symbols.  More and more sites are actually requiring this now.
  • The longer the password the better.  Eight characters containing a mix of upper, lower, numeric, and symbols is a bare minimum.
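
The five rules above, expressed as a checker. This is an example added here, not code from the original post; the word lists are small constructed samples, and the function names and the `personal_terms` and `other_account_fingerprints` parameters are assumptions of the example.

```python
import hashlib
import re

# Constructed sample lists; a real checker would load much larger ones.
TRIVIAL = {"12345", "123456", "password", "qwerty", "letmein"}
COMMON_WORDS = {"sunshine", "dragon", "monkey", "football"}
MIN_LENGTH = 8  # the post's "bare minimum"
CLASSES = {
    "uppercase": r"[A-Z]",
    "lowercase": r"[a-z]",
    "numeric": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def fingerprint(password):
    """Digest for in-memory comparison with other accounts; not a storage format."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(password, personal_terms=(), other_account_fingerprints=()):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    # Rule 1: unique per account.
    if fingerprint(password) in set(other_account_fingerprints):
        problems.append("reused on another account")
    # Rule 2: no trivial passwords.
    if lowered in TRIVIAL:
        problems.append("trivial password")
    # Rule 3: no common words or personal details, even when decorated
    # with digits and symbols (strip those and look at what is left).
    if re.sub(r"[^a-z]", "", lowered) in COMMON_WORDS:
        problems.append("built on a common word")
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal detail '{term}'")
    # Rule 4: mix of character types.
    missing = [name for name, pat in CLASSES.items() if not re.search(pat, password)]
    if missing:
        problems.append("missing character types: " + ", ".join(missing))
    # Rule 5: length.
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems
```

A password such as `Sunshine1!` satisfies the length and character-type rules and still fails, because removing the digit and symbol leaves a common word.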

Periodically check your account names with sites that track known breached accounts.  This one is pretty good:

Oh yes . . .

Never start responding to emails before your first cup of coffee, or after your second glass of wine.



2 thoughts on “One Born Every Minute”

  1. Hey there Jeff. I know what you mean. Now that I am almost 63 years old, just about every phishing scam you can imagine shows up on my computer, and my telephone is peppering me with scams. The most recent one entails an individual who calls up to tell me that I owe some business a large amount of money on an unpaid bill. It seems to be getting worse. It chills me to think how many elderly people who are just entering some stage of undiagnosed dementia or Alzheimer’s disease fall into these traps.

    • Hey Tracy –

      Welcome. I’ve been guilty of blog-neglect for the last couple of months while studying for a couple of professional certifications I need at work. It’s easy to quickly comment on other blogs – takes a bit more effort here as I’m still trying to get a sense of where I am going with the concept of DPS.

      And yes, the highly vulnerable like those you mention are all too often the victims of these scams, but you don’t have to be on the verge of cognitive breakdown to fall into the trap. Scams like the one I posted can easily catch just about anybody who is trusting, and not particularly tech-savvy. I’ve seen some pretty bright and capable people get into serious trouble because these emails can look pretty convincing.

      Again – thanks for the visit and the comment. I’ve got one more exam to pass and should have my life back again in the next week or so.

