Before you click on it.
Right, right, I know you already know this, and I may be wasting 10 minutes of my life writing this, but let me tell you about the last “phish” attempt on my life.
First, and the more important takeaway. If you are like me, your parents are of the yestertech generation, so protect them, because they have no idea of the lengths and depth of the new world threat on them. Remind them and tell them how these con artists use all at their disposal to get tiny pieces of information over a long period of time. It is not just a single act. They use psychology and micro truths to get pieces of the identity puzzle. For heaven's sake, they should never answer a call from “unknown” callers, no matter what. That is what voicemail is for.
Ok back to the phish.
I am quite savvy when it comes to cybersecurity and security in general. I made a good living at it for many years. I am sufficiently suspicious and watchful of these bad actors.
Today I almost fell for one.
Four months ago, I commented on YouTube giving some props to Scott Galloway, Prof. G. Today, I got a reply from his account. The reply provided me with a “new way” to ask him questions with a text. Now here is where psychology came in. I worked with Scott way back at a grocery store in Westwood. So when I commented, I added an inside reference to the comment, hoping he would smile at it and think, hey, this guy is from my past. Let me be clear: NO way does Mr. Galloway remember me. We weren't friends and never even spoke to each other, but that reference was totally inside. In my mind, this “reply” was meant for me.
Wow, I thought maybe Scott did remember me; maybe we can connect to laugh about that job. I was thrilled to connect with him. I mean, there it was, his “new way” to connect.
I added it to my phone and was just about to text the Prof.
Then my security mind SCREAMED in the back of my head — STOP, why in the world would this man want to speak to you after one nice comment? Why would he publicly post a phone number? Obvious, right?
Off I went looking at the account the reply came from, hoping it was really him. What I found was a perfect mirror of his account, except that it had NO content. LOL, I was almost phished. I almost gave some North Korean, Estonian, Nigerian, or American hacker one piece of my puzzle.
The concerning thing is that our yestertech parents would have NEVER figured it out. I mean, I am on guard, and I almost fell into it.
Confirm everything before you click it. When you have no relationship with that person, confirm it. Test the URL, test the source, look at the links and never click on them. Governments, financial and medical institutions use the mail for important communications. The cons use the internet (90%); they know that mail fraud is a felony and easier to catch than online cons. As I told my 90-year-old father, the police will show up at your home if it is a real emergency.
One last thing, Scott, if it was you, well, DM me here, LOL.