Sign up for our newsletters Subscribe
I was about to check my e-mail this morning—and, boy, would I have been screwed—when the phickle phinger of phate intervened. I happened to see the New York Times story on the "rapidly proliferating" e-mail fraud that experts call spear phishing.
Whereas common phishing e-mails are sent en masse by pseudo-banks and Nigerian princes, spear phishing is much more sophisticated. The e-mails are “highly targeted pitches that can look authentic because they appear to come from a trusted source”—a coworker, friend, or relative—and “contain plausible messages,” the NYT said.
“It’s an e-mail from your mother saying she needs your Social Security number for the will she’s doing,” a security technology officer for a leading communications company told the Times.
I already was wary of my mother’s repeated e-mail requests for my SSN, in light of her death 12 years ago, but I will be even more skeptical of them now.
The cautious approach is clearly in order, and I recommend you take it every time. If you follow my example, you’ll avoid phoul play and possibly also some work.
I received an e-mail an hour ago from someone posing as Mara Shalhoup, editor of the Reader. "Shalhoup" was urging me to complete a certain story by a certain date, but I wasn't phalling for it. I simply deleted the message.
A few minutes later, an e-mail from "Jane," a purported spouse, reminded me to stop at the grocery on my way home this evening. The “shopping list” was attached. Trashed, for safety’s sake.
Then my “doctor’s office” suggested I pay a bill that’s only barely months overdue. Sounded phishy to me; deleted.
A “friend” inquired about repayment of a debt incurred at a poker game last weekend. I marveled at the spear fisher’s ability to discover the debt, then tapped “delete.”
Spear fishers, the NYT said, personalize their messages by gathering info on their targets from Facebook and other social networks. The targeting of senior managers and executives is known as “whaling.” Most of us aren’t important enough to be whaled—but for those of you who, like me, could easily be tadpoled, here’s some phree advice:
If you get phriended on Phacebook, be suspicious.
That suggestive e-mail from the attractive stranger is, alas, probably just spear phlirting.
Beware of anyone claiming to be a phederal ophphicial, especially if they say they’re with the PH.B.I.
Don’t trust anyone who offers you a deal that’s phucking golden.
Kids, if you read "Phe, phi, pho, phum"—relax, it's not a real giant. But on the downside, the tooth phairy won't even leave you a wooden nickel.