I can usually make it through a week without ticking off 1,000 people in one fell swoop, but since life is blessed with exceptions to disrupt every trend, last Friday was my Waterloo, or what I now refer to as my “eLoo”. And my Duke of Wellington must have been at the pub.
It was the day my computer system decided to go rogue and email every person I’ve ever contacted via email in my life. The email also hid a little spamming script disguised as a document. It’s a little like receiving an innocent looking Jack in the Box for Christmas. Wind the little handle, it plays a kindly tune, all ok, then… out pops the evil clown.
Mine looked like this:
Hello,
I tried to get these document across to you before. Did you ever get it? VIEW HERE and sign on with your email to access it as attached on Google.doc, get back to me so we can discuss.
Regards, (name of someone I know)
There is a very strange moment when you realize that your computer is working on something in the background unrelated to any task at hand. It becomes sluggish and unresponsive. It’s playing solitaire using 50,000 cards per second. It’s whirring and saying, “Bye-bye, silly human” with that weird Silicon Valley inflection. At first I thought it was counting Justin Bieber’s deportation petition signatures, but I sensed it was far worse.
The blowback was fast and furious. Most recipients recognized the scam right away—the tone was weird, oddly formal— and trashed it forgivingly. Others were a little more anxious with their concern: ”What is this, I can’t open it?, “This look fishy, is it really you?” “Are you a moron?” I got dozens of emails, along with hundreds of bounce-backs from deactivated email addresses. Aside from the embarrassment, I feared that I’d inoculated the entire planet with an apocalyptic virus. That makes for glowing PR for my media creds, and, I’m sure that in the future, my friends will probably prefer taking their chances on a Royal Caribbean cruise rather than open any email I send.
Then my Gmail slipped into a self-induced coma and shut down. I’d been locked out of my email service. Try banging on that door. The Google family is not home. I could receive mail but could not send. The appended Error Code led me to a note explaining that my Gmail had been shut down for a 24-hour period because I had exceeded the maximum allowed daily emails. In other words Gmail auto-bots considered me a spammer. I was on a Spam list. I can’t understand why—my “Sent” file read (5,700). I was waiting for a knock on the door.
How did all of this happen? I broke my own first rule—I applied my Gmail password to an email that appeared in Google Docs. In media we receive many dozens of emails a day and this one from Google Docs caught me off guard—I was unfamiliar with Google Docs and thought it actually might require an additional log-in with my Gmail account password. Not so much.
Later that day my computer went into a bizarre digestive state. Things slowed down but I could hear it working like it was playing Pong with the NSA. It was busy setting up it’s little rogue spam cell and emailing every human being and entity I’d ever contacts—a 10 year history of contacts.
The bottom line is that spammers got my email password, and if you’re like me, I use the same password for other types of accounts like Netflix, one online banking account and a few others that could make life miserable if in the wrong hands. So there was plenty to be worried about.
It’s all in the passwords.
Local computer guru Chuck Engstrom recommends that we pay more attention to the creation of passwords.
“People just don’t understand the importance of passwords. Spammers are incredibly sophisticated these days. They have scripts that will throw the whole dictionary at your email account to try to crack your password. So, if your password is an easy word like your dog’s name, and you use it for all your online accounts, you can get into some serious trouble.” he says.
First things first—The Rule of Rules: Never apply your password to anything you receive via email, no matter the promise of importance. That also goes for any phone enquiries. Retail companies or banks will never ask you for an account password. Even after more than two decades of Internet use, many of us are still not paying attention to this. I stand (sit, humbled) before you as a new and true believer. That said, if you do somehow get tricked into a spamming event there are a few things you can do.
At the first indication that you are a victim of a spamming scam, change your password immediately. “I’d suggest changing it more than once, and I’d beef it up, make it more abstract, use some of the symbol keys and make it longer than you normally would think is necessary,” Engstrom says.
In case you think you might get confused setting up so many new passwords, there are a number of good password keeper programs for both macs and pc’s. For macs, take a look here . For pcs, take a look here.
A good example, and one recommended by a Mac user, is 1Password. It’s a little pricey at $50, but very solid and offers all the features needed to password generate and protect your passwords.
The key is to compartmentalize your online accounts and to avoid using the same password universally. It can also be of help if you have a written list outside of your computer just in case you get locked out of your system. Yes, that can happen.
OK, you’ve made your password more robust and changed it at least twice after the spamming incident. The next step, as paranoid as it sounds, is to create another backup account solely to communicate with your service provider (like Verizon) if the need arises and yet another account with a different user name and different password to use for online financial transactions: purchases, banking, etc. Although I use Gmail exclusively, I have a backup account in Yahoo. It sounds excessive, and will take a few minutes of your time to set up, but you will worry a bit less about about your system’s vulnerabilities.
“Remember, a company the size of Gmail (half a billion accounts) does not provide voice technical support. It’s best to prepare for the worst and hope to be able to remedy it on your own by preparing ahead wisely,” Engstrom coaches.
SO what were the spammers trying to accomplish? Our typical encounters with spam are advertisements for products ranging form get rich quick schemes to magic libido potions. (If they could merge the two themes they might get somewhere. OK< so fairly tame. “Phishing,” however is a totally different scam and can be treacherous. Rick Broida at Cnet.com describes a particularly crafty attempt to hack into his credit card account sending official looking material describing a recent update to his credit card account. It was a close call for him.
Since no advertising was mentioned in my spam email I can only guess that that it was a “phishing” enterprise attempting to get into my email and search for banking information. After all, it’s always about the money. And “Phishermen” are highly motivated and very, very sly. Protect yourself.
Write a Letter to the Editor on this Article
We encourage readers to offer their point of view on this article by submitting the following form. Editing is sometimes necessary and is done at the discretion of the editorial staff.