After reading Maxwell MacLeod in last week's Cafe, I decided I must share what happened to me recently. I used to buy software for a living. I am fairly IT savvy and keep up to date with all info regarding technology so I thought I was safe from scammers. The online systems we need to manage our lives tell me my passwords are 'strong and secure', so my worry is that they fall into, or rather, are stolen by nefarious hands.
The first inclination something was amiss was when I received a text from my wife while she was at work. This never happens. She asked if I had sent her an email. I had not. Then I logged online and saw emails and Facebook messages asking the same thing. The emails showed the email I was supposed to have sent. The title header was 'a request to ask' and the text read as:
Please leave a message when you're accessible via email.
If I received an email like this, I would immediately think it was junk mail, or a scam of some sort. However, several people I know were fooled and replied saying they would contact me when they were available. To date, only a handful replied to me and asked if I had sent it, i.e., they also smelled a rat, probably as the text was not in my usual informal style. I therefore informed them that it did not come from me and that I had been hacked. To cut a long story short, I contacted my ISP and they helped dig into my email account and reset it as the hacker had blocked my email account and I was unable to use it until they reset it.
The next task (apart from replying to all the emails from friends) was to ascertain how they managed to steal my email info. Then it dawned on me. Every month I receive an email from my ISP. In the header it has 'Your bill is ready' and I log in to view and download it. Some of you will no doubt receive a similar missive, such is the way of the world we live in, it is virtually impossible not to use at least one of the online services from your bank, energy provider, ISP, etc.
I scanned the last ISP email for any clues. The text looked much the same as it does every month, the branding colours were the same and the text looked legit... then I spotted it, the telltale indicator of a hack or spam email... at the bottom of the email some of the English alphabet was replaced by what looked like Cyrillic. I could feel the sweat on the back of my neck and the hairs on my arms tingle. What if they had access to my inbox, or worse still, my PC?
Then I scanned the email again from top to bottom and compared it with the normal email. The email had originated from an individual's gmail account not my ISP. At first, I thought this person was the hacker, but it's more likely that they were the last person to be hacked or spammed.
So, the moral of this story is to be aware, be very aware what you click on via an email, especially if it has been sent by somebody or an organisation you normally receive emails from. Thankfully, apart from spamming my friends and having my contacts' email addresses, no harm has come to anybody. Apparently, they just use the email addresses to ask for money which most people ignore and delete.
What really got me thinking about all of this was the clues and how to spot them.
1. Who the email originated from. Always, always, always check where an email has originated from.
2. Read every word, even the boring legal stuff in the small print... twice.
3. Try to make your emails to friends and people you deal with less formal, so they may work out it hasn't come from you. Always use the person's name or nickname.
Maxwell's article was about AI and the binary direction of our journey in this new world. When I tried to contact my bank about the hacking, I encountered more binary hurdles. None of the options I was presented with on the security section of their website fitted with my issue. Their online help guided me towards totally inappropriate 'fixes'.
Their online chat was not helpful and ended our session as I typed 'this is useless'. Up popped a text box saying the call will be handed over to Sean. Who never appeared and I was timed out. Even after phoning the bank, waiting for 20 minutes and eventually getting through to a human, I only managed to say my email has been hacked and the line went dead, so my bank still don't know.
It's ironic that as a species we are becoming less binary while the online world we are forced to engage with only operates in binary. Unfortunately, and this is where AI comes in, my last point above (3) will be easily incorporated into AI and then what defence do we have? In fact, how do you know that this article was not written by ChatGPT?