This morning we had one of those dreaded early morning snow storms. I pulled on my clodhopper shoes with the deep treads, cinched tight my scarf, donned my wool hat, and set out into the cold morning for my walk to work as the snowflakes pelted down.
About 20 minutes later — pretty much the standard time — I arrived at the office, face ruddy from the walk. As time passed I dimly became aware that other people were struggling to make it to work. When I heard a co-worker bemoan her two-hour commute, I realized that by walking I had dodged a bullet in the form of a rush-hour snow storm.
I hate to admit it, but I felt kind of good when I heard other people at the office tell their commuting horror stories. It legitimized our decision to move to German Village in the first place, because part of the motivation for the move was to avoid the ball-busting weather-delayed drives. I wouldn’t quite describe my reaction as schadenfreude — because I wasn’t exactly reveling in the misfortune of others — but it was similar, because I was feeling good about the action we had taken to avoid experiencing such misfortune myself.
Yesterday I got an email from Russell during the middle of the day at my work email address. Except it wasn’t really from Russell. It was a fake, undoubtedly sent by a crook somewhere out there in the digital world hoping to perpetrate a fraudulent scheme.
The scam is called “spear phishing.” The fraudster identifies actual email addresses that have legitimately communicated with you, then sends you an email that appears to come from someone you know. Because the email address looks genuine, it makes it past the spam filter to your inbox. You’re supposed to treat it with the speed and cavalier attention that most email receives and reflexively open it and click on the link that has been sent. If you do that you’re sunk, because the unthinking click installs malware on your computer that allows the scammer to capture personal information that permits him to make false charges on your credit cards, empty your bank account, and commit identity theft.
The key building block of spear phishing is the recipient’s reflexive, unthinking treatment of every piece of email that comes to the inbox. When I got the email that appeared to come from Russell, I immediately worried that there was some problem — but after that first instant of concern I noticed that the email address was an old one, and saw that the email itself had no message but just a link to some apparent healthcare entity, and my guard went up. Something about the email didn’t seem right. Of course, it was possible that it might be a real message — but just to be sure I sent Russell a text to ask if he had sent an email, and he responded that he hadn’t.
I try to be mindful of the ever-present risk of fraud on the internet. When it comes to email, I look for language issues in messages and weird combinations of addressees, and I never click on links sent in unanticipated emails. I also hope, though, that a special level of hell is reserved for spear phishers who misuse existing relationships to cheat the unwary out of their money and their private identities. In his Divine Comedy Dante consigned them to Malebolge, the Eighth Circle of Hell, where the souls of deceivers and fraudsters are constantly tormented by intensely painful, ever-burning flame. That seems about right.