This is a quick warning about phishing scams, which are just ironically low-tech ways of getting the victim to volunteer valuable personal information.

There are two technologies you use every day that are not even a little bit trustworthy: Email and Microsoft Windows. Here are some things you should know about email:

The big corporations that basically constitute "the Internet" for most of us—Amazon, Facebook, whatever—know this and don't trust email for anything important. The exception is that they let you reset your password merely by proving that you can log in to your own email account. This is a serious weakness in their system but they hold on to it for their own reasons. The point is, legitimate emails from your bank, or Amazon, or whatever, will at most only ever direct you to a secure web connection where you have to log in. It is your job to make sure that when you click the link and your browser opens up, that it really is or whatever and that the connection is secure (usually a lock icon or something like that to the left of your address bar). Naturally, email phishers work up convincing-looking emails to their victims that include sign-on links to dummy websites: then you click the link, enter in your login data, and now they have it.
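What it means for a link to "really be" the site can be checked mechanically. The following is an added example, not part of the original message: it pulls the links out of an HTML email body and flags any that are not HTTPS or whose host is not the expected site or a subdomain of it. The site name `bank.example`, the other hosts, and the sample email are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def host_belongs_to(host, site):
    """True only for the site itself or a subdomain of it (compared from the right)."""
    host, site = host.lower().rstrip("."), site.lower()
    return host == site or host.endswith("." + site)

def check_links(html, site):
    """Return (href, reasons) for each link that should not be trusted as `site`."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        url = urlsplit(href)
        host = url.hostname or ""
        reasons = []
        if url.scheme != "https":
            reasons.append("not https")
        if not host_belongs_to(host, site):
            reasons.append(f"goes to {host or 'no host'}, not {site}")
        if "@" in url.netloc:
            reasons.append("the part before '@' is not the host")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample email body; every host here is made up.
SAMPLE = """
<a href="https://bank.example/login">Log in</a>
<a href="https://www.bank.example/help">Help</a>
<a href="https://bank.example.secure-login.test/login">https://bank.example/login</a>
<a href="http://bank.example/login">Log in</a>
<a href="https://bank.example@203.0.113.7/login">Verify your account</a>
"""

if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE, "bank.example"):
        print(href, "->", "; ".join(reasons))
```

The first two links pass. The other three are flagged even though each of them shows the expected name somewhere in the address.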

Actually, here is my advice: don't click email links at all. Log in to the site on your own by typing it into your browser's address bar. Email is not trustworthy and that is why legitimate businesses basically don't communicate with you that way (except to tell you to go log in to their website).

Here are some things you should know about Microsoft Windows:

Phishing scams exploit the facts above plus some simple psychology to convince you to furnish your personal information. The main vectors are email, pop-up windows, and ordinary phone calls—it is not at all difficult to convince the average person on the phone to give you his SSN!

Speaking of phone calls: never speak to anyone who has called you, or use a number you got from an untrustworthy source to call a company you deal with. For example, suppose "your bank" calls you and says that you are in jeopardy of some kind of fraud, and would you please confirm certain information. What you should do is hang up, then go to your bank's website or your last bank statement, and call them using the number they provide.

I called this kind of attack low-tech because it relies more than anything on predictable psychological reactions. If you see a message that is exciting, threatening, or concerning, do not trust it. If there are any exclamation points in it, don't trust it. One message I get all the time is from "FedEx" stating that I have a package waiting for me. Well, people love to get stuff sent to them, and that is why they fall for this scam. This was one I had meant to bring to everyone's attention because I figure some of you must have gotten it too. Here is an example:

Subject: Fed Ex Delivery Notification

Unfortunately we were not able to deliver postal package you sent on December the 14 in time because the recipient's address is not correct. Please print out the invoice copy attached and collect the package at our office.


This is pretty crude though; the good ones look a lot more plausible, like they might actually have come from FedEx.

Another way to protect yourself from threats is to back up your data. If you know your photos, emails, business documents, or whatever, are all safe, then when you get a pop-up threatening their annihilation you will not be fazed. There are plenty of ways to do this but you will have to research them yourself because I don't use Windows. Remember that any backup scheme you use must be automatic or else you will not remember to use it, and then you will not have a sense of trust about your data and you will still be vulnerable.

Anyway, welcome to the 21st century, where strangers from all around the world are trying to screw you over. Try not to let them! If you have questions about this message or about anything you've received in particular, email me.