Yesterday I got an email from Russell during the middle of the day at my work email address. Except it wasn’t really from Russell. It was a fake, undoubtedly sent by a crook somewhere out there in the digital world hoping to perpetrate a fraudulent scheme.
The scam is called “spear phishing.” The fraudster identifies actual email addresses that have legitimately communicated with you, then sends you an email that appears to come from someone you know. Because the email address looks genuine, it makes it past the spam filter to your inbox. You’re supposed to treat it with the speed and cavalier attention that most email receives and reflexively open it and click on the link that has been sent. If you do that you’re sunk, because the unthinking click installs malware on your computer that allows the scammer to capture personal information that permits him to make false charges on your credit cards, empty your bank account, and commit identity theft.
The key building block of spear phishing is the recipient’s reflexive, unthinking treatment of every piece of email that comes to the inbox. When I got the email that appeared to come from Russell, I immediately worried that there was some problem — but after that first instant of concern I noticed that the email address was an old one, and saw that the email itself had no message but just a link to some apparent healthcare entity, and my guard went up. Something about the email didn’t seem right. Of course, it was possible that it might be a real message — but just to be sure I sent Russell a text to ask if he had sent an email, and he responded that he hadn’t.
I try to be mindful of the ever-present risk of fraud on the internet. When it comes to email, I look for language issues in messages and weird combinations of addressees, and I never click on links sent in unanticipated emails. I also hope, though, that a special level of hell is reserved for spear phishers who misuse existing relationships to cheat the unwary out of their money and their private identities. In his Divine Comedy Dante consigned them to Malebolge, the Eighth Circle of Hell, where the souls of deceivers and fraudsters are constantly tormented by intensely painful, ever-burning flame. That seems about right.
Every city has a “bad neighborhood” — a squalid, dark, depressed area where sullen people are roaming the streets and the unwary stranger can easily be the victim of crime. It turns out that the internet is the same way.
The hope is that the study will allow internet security providers to better understand the sources of malicious email and further refine filters to try to block the efforts of spammers and fraudsters. It’s a worthy goal, but I’m not holding my breath. There have always been people who would rather hoodwink people than earn an honest living, and the internet has provided them with a vast new arena in which to ply their criminal trade. If they can’t use that “bad neighborhood” in Africa, they’ll just find another “bad neighborhood” somewhere else.
The emails offer people the opportunity to participate in a program where the federal government will supposedly pay your summer electric bills. All you need to do is provide your Social Security number and bank routing number, and your bill supposedly will be paid. Of course, there is no such federal program, and once you provide your Social Security number and bank account information the scammers will empty your account and take you for all you’re worth.
What’s sad about this isn’t that crooks are preying on innocent saps — that’s been happening since the dawn of mankind — but that people are being duped by the ploy because it has the air of plausibility. With all of the stimulus programs and bailouts over the last four years, wide swathes of people evidently find it entirely believable that the federal government will pay your utility bills, just like it bailed out banks and GM and made stupid loans to companies like Solyndra.
Don’t you find it troubling that rational people could believe that such a program might actually exist? We’re rapidly becoming a nation of greedy suckers.
There is this guy named Williams Yee who has been sending me emails for months now. I don’t know who he is, or where he lives. And the email is always the same! It reads:
I am contacting you in regards to a breach of business loan agreement with a client in your locality. I provided a loan to the company so that they can meet up with their management and operational obligation during the rough economic climate of last year. I provided the company with an emergency loan of $270,500 with a term of 12 months and fixed interest rate of 7.0%. The repayment period has since elapsed but the company has been unable to finalize the repayment of the loan and have only paid $90,000.00 till date.Let me know if this falls under the scope of your practice so that I can provide you with more information on this matter.
At first I just ignored these emails, but now I am troubled. Poor Williams Yee! He needs help! Can’t any “counsel” in this “locality” help Williams Yee as he tries to collect from the “company” that needed his “emergency loan” so that it could “meet up with their management and operational obligation” but now has stiffed him? With so much detail, provided by the unduly trusting yet obviously wealthy Williams, surely there is a “counsel” who would help him right this colossal wrong!