John Croson's Blog Home: Wow, I fell for a Phishing scheme

Sunday, May 11, 2008

Wow, I fell for a Phishing scheme

I'm soooo embarrassed about this, but compelled to share it.

I have an eBay account, like many of us do, which is linked to PayPal, which in turn is linked to my bank account. My wife and I share my eBay account, because it seems to make sense, since we share everything else in our lives.

Today she was checking her email, and it was from eBay, with a message about some item she bid on, and she'd be reported if she didn't respond. I thought this was strange, since her email account isn't listed on our eBay account, but thought we'd check it out.

*This is where my brain was simply not engaging correctly.* My wife, however, did say, "Honey, why would I get this email?", and "Isn't this strange?".

WHY DON'T I LISTEN? Testosterone? Age? No, just plain STUPIDITY...

The links in the frighteningly familiar email went to a cleverly crafted website that asked for user/pass information to the account.

"Strange, that password isn't working, try this one." I say. "Try this one."

She tries it. Doesn't work.

"Try this one." She does, without success.

"Maybe this one?". Nope, not that one either.

By now, you'd think I'd have my head pulled cleanly out of my ass, understanding what we'd just done. But Noooooooo. I'VE got to try it.

That's when you would have clearly heard a *Pop* when my head cleared my rectum. "OMG, what have I done."

Crap! You'd have thought this was the first time I'd surfed the blasted internet or sent/received emails.

I can't count the number of times I've seen email from a ruler in some obscure South African country that needs to secure their personal millions before the kingdom is overthrown by a militant faction. Or Bank of America asking me to verify my account information. Or some inter-nationally unknown lottery asking me to claim my winnings..*yawn*.

How quickly we forget the important role password security takes when dealing with ANYTHING on the internet.

That's when I spent at least an hour logging into all the accounts that I could think of, to change all my passwords to something quite cryptic. Thank FIREFOX for adding password management functionality to their product. Every website I'd ever logged into has my information stored in an encrypted form, retrievable through the UI.

Now that I've gone to all this trouble, I'll have to scp it to my desktop at work for import.

No comments: