A Toe-Curling Phishing Attempt

The other day I got a phishing email at work. No surprise there, everyone gets phishing email as a matter of course. But this email was especially insulting because it was clearly age-related, and suggested that the sender was specifically trying to target those of us who have been around the block a few times.

The phishing email purportedly advertised a “New Toenail Clipper.” That’s an immediate ageist tell: the youngsters out there, still possessed of the flexibility that accompanies the dew of youth, probably can trim their toenails with their teeth. A toenail clipper solicitation can only be aimed at the geriatric brigade.

And the email went on to make the intended target audience even more obvious, using phrases like “Do you have pain when trying to clip your nails because of arthritis or other problems?” and noting, in bold face type, that the advertised clipper would make trimming toenails “easy for everyone.” The clipper had an “ergonomic design,” the email said, that would make it “EASY and SIMPLE to clip toenails without painful pressure.” And the clipper even had a built-in light to help those with dim, failing eyesight make sure that they were cropping off a nail and not lopping off a toe itself. And to top it all off, the email offered the opportunity to get this miracle of modern toenail engineering for 57% off.

Why do I know this was a phishing attempt? Because I’ve never done any shopping that would elicit a toenail trimmer solicitation, no brand was mentioned, the email came from an email address that included the word “phamgiang,” and the big inducement was to get me to click on an unknown link. Other than those obvious clues, it was a pretty sophisticated phishing attempt, complete with color photos and without the misspellings you typically see in phishing efforts. The sender didn’t know, however, that this particular recipient would be offended, rather than enticed, by a blatant age-targeted email.

Still, it’s a good lesson: when it comes to phishing, you need to be on your toes.

The Bad Guys Out There

Every day, at the office, I receive multiple obviously fraudulent emails, and our IT department regularly sends out notices to advise us of still other phishing attempts that are being sent to our attorneys. And the fraud attempts aren’t just limited to my email, either–it seems like at least once a week I get a phony text, or a phony Messenger message, or a phony friend invitation from an unknown person or former Facebook user who I know for a certainty has passed to the Great Beyond.

In short, my own personal experience teaches that there’s a heck of a lot of fraud out there. Fortunately, most of the fraud attempts are easily detectable if you are just paying attention to the basics of sound data security practices–don’t click on whatever random link you might receive, be suspicious of email from people you’ve never heard of, watch for misspellings and weird language choices, and so on–but still, there is a lot of it.

This regular confrontation with attempted criminal activity is weird, when you think about it. Many of us don’t have any contact with crooks in our daily, non-electronic lives. But now, thanks to the technology that often seems to dominate our existences, new virtual doorways exist that might allow the bad guys to enter and bilk us out of our hard-earned money, steal our personal data, or even take our identities. Every day, on our devices, it’s as if we are walking through dark alleys with unknown people lurking in the recesses and shadowed doorways. And we know they are there, because every day they are sending us those messages that affirmatively remind us of their nefarious existence and criminal intent.

Are there more criminals out there than there once were, or do electronic processes allow the crooks to reach out and touch more people than could occur in the pre-electronic era? My guess is that it is a bit of both, and that a lot of what we are receiving comes from anonymous fraudsters in countries so far away that we never would encounter them but for the internet. Whatever the answer might be, it’s up to us to stay on guard, be vigilant, exercise good judgment at all times, and clutch our data tight when we walk through Internet Alley. It adds a new element of stress to the modern world, where a fleecing may be only one click away.

Bottom Phishers

The IT Department at our firm periodically sends out notices about the latest email phishing scams that are making the rounds. “Phishing,” for those of you who are unfamiliar with the term, refers to the efforts of fraudsters to send out emails that purport to be legitimate — like, say, a notice from a reputable bank. The phishers hope to get you to click on a link that either allows them to inject malware into your computer system or asks you to provide personal information, like Social Security numbers or bank account information, that they can then use to defraud you.

In short, phishers are fraudulent scum.

But they are creative, and they make efforts to try to keep up with what is going on in the world. Yesterday, for example, the notice from our IT Department concerned a new phishing email that tried to get the recipient to click on a link that purported to provide information about COVID vaccine scheduling. Like many phishing efforts, this one was oddly phrased and not written in the King’s English and wouldn’t fool most people — but all it takes is a few credulous or concerned people clicking on the link and the fraudsters are off to the races.

As I read the notice from our IT folks, I wondered about what kind of low-life loser would try to take advantage of a global pandemic that has killed hundreds of thousands and the interest in being immunized in order to commit fraud and steal money from worried people. If phishers are low-life scum — and they are — then any phisher who would based a phishing effort on coronavirus vaccine distribution is the lowest of the low. You might call them the bottom phishers, which is apt because the fish that live at the bottom of the ocean are typically the ugliest fish of all.

Don’t be deceived by bottom phishers. If you get an email about a vaccine, don’t just click on a link — call your doctor instead.