Well, it appears that the world failed to end.
On the other hand, my email account got hacked and it was my fault. And
then my account was used to send out phishing email just like the one I'd
fallen for. All I can say in my defense is that I was very tired and was
just checking email before logging off and going to bed, so I was not very
alert. (Yes, and I was also stupid.)
Let me show you what happened...
I scrolled down through the in basket in one of my email accounts and I came upon what appeared
to be a letter from a friend. The Subject field was RE: Jim Hey. A lot
of people -- me included -- frequently just sent email back and forth by clicking Reply.
This is often done even when the email is on a completely different topic than the original.
(Hackers, of course, know this. That is one of the ways they use psychology to catch us. Also,
note another bit of psychology here: my first name appears in the Subject field.)
So I opened it and read the single line of content. Again, psychology,
the use of first name in that sentence. (Note: I've blacked out names and
addresses in this entry.)
It looked suspicious to me.... but... I do get email from this person on
a regular basis for a number of reasons. She is a friend of Nancy's, she
is in a writer's workshop that Nancy and I (and Jill) sometimes meet with
to read and critique each other's work, and she is the secretary for the
friends of the library. So sometimes I don't hear from her for a week or
two and other times when I might get three emails in the same day, each
for a different reason.
I am distrustful of any email that just says to look at a particular website.
(Sometimes I get one of those emails that says I have to do something with
some account and please click here to go to their website and it looks
like a link to that bank, I might amuse myself by putting the cursor on
the link and I can see at the bottom of my browser screen that it really
is a link to someplace in Eastern Europe or some Pacific island nation
-- and then I delete the email.) In this case, as you can see, it appears
to be a link to a Microsoft website for MSNBC. So I put the cursor on the
link and the URL shown on the bottom of my browser window was exactly the
same as in the body of the email. So, it was not going to reroute me to
some offshore site.
And, thus, they got me to fall into their psychological trap. The friend
whose email address this came from is a freelance writer and part-time
journalist who would be interested in a better job. And so I persuaded
myself that she must have wanted to show me some article or news story
that she had found related to jobs and she wanted my opinion on it. They
had managed to get me to explain it to myself.
So I clicked on the link and fell into their trap just like some newbie
with his first computer. The site opened up and it looked like some of
these news magazine pages divided up into boxes with captions but it was
more like a dummy page with no real content -- and I immediately closed
that tab. I realized that I had been very dumb, but there seemed to be
nothing wrong... so I shut down and went to bed.
The next afternoon I checked my email and read this note.
Ah, so it had been a phishing email... but fortunately, it hadn't done anything,
right? Wrong. Then I noticed a number of Failure Notices... I have some invalid addresses in
my contacts list, ones for people
who had given up one address for a newer one. I also have some out-going-only
addresses for various newsletters I read. I have the addresses in my contact
list so that Yahoo doesn't treat them as spam, but those addresses can't
receive emails, so any mail sent to them will bounce.
This was an old email address of my brother's, from a website that has
not existed in years, thus the phish email bounced. That was the header
of the Failure Notice. I'll skip a bunch of stuff to get down to the bottom
where it showed me the message that had bounced.
The malware had taken his first name from my Contacts list, made it seem
as if this was the latest in a series of emails between us... and then
the content: "hi Charlie let me know what you think of this"
followed by that same URL.
I immediately tried to send a warning message to people on my Contact list -- but I couldn't.
Something -- perhaps the high percentage of Failure Notices? -- had made Yahoo block outgoing email
from my account. So I changed my password and a lot of account settings (new identification questions,
etc.) but I still couldn't send email. Then, finally, when I attempted to send email instead of blocking
me, it demanded that I prove I was a human being by typing in the letters and numbers shown in a graphic.
For a while, I had to do that for every email, but finally I guess Yahoo decided that I was a human and
it stopped asking me to prove it.
My apologies to anyone who got one of these phishing messages from my account.
I hope you were all smarter than me.