About ten years ago, I met one of my closest friends through a mutual acquaintance. Other than a love for sports and food, we have very few other interests in common, but we are still great friends. I am the white collar part of the friendship. I have a background in computers, but I am not mechanically inclined. The most important thing I learned in wood shop and auto shop was that I should leave anything that gets my hands dirty to the professionals. My buddy, Jim, is the blue collar part of the friendship. He likes to attempt his own repairs around the house and would never stoop so low as to hire a contractor. On the other hand, his self-taught computer skills are seriously lacking. This is only compounded by his complete trust in anything he sees in his email or on the internet. “I’ll just click on this and see what happens!”
One day Jim comes to me in a panic.
Jim: “Somebody just called from Wells Fargo to let me know there are a bunch of suspicious charges on my account. They said they think I was fishing or something.”
Me: “They mean phishing, which is spelled p-h-i-s-h-i-n-g. They think you clicked on a link in an email that took you to a fake web site. Once there, you logged in with your user ID and password and the thief now has access to your real account. They were ‘phishing’ and hooked you. Am I right?”
Jim: “NO! … well … maybe. I don’t know! I got an email from Wells Fargo that says I needed to update my personal information or I would lose access to my account. Was that it?”
Me: “Yup. What did the bank say?”
Jim: “I have to go to the bank tomorrow and get all new bank cards. What a hassle! I am not happy with Wells Fargo!”
Me: “I think you have this all wrong. Wells Fargo saved your ass. They are the ones who called you to say you had been hacked. You should be thanking them. They will likely have you change your password for your online account.”
Jim: “Why? They are the ones who sent me the bogus email in the first place!”
Me: “No. That email was created by the thief who is trying to pilfer your account. It must have looked pretty good since you clicked on it.”
Jim: “I don’t get it. Why would anyone take the time to do that?”
Me: “Think of it as bait and you are the fish. They got you, which made it all worth their time. Bottom line… never click on a link in an email that requires you to log in to a web site. Just assume they are all bad.”
Jim: “Where is all this information… in my computer manual? How am I supposed to know that?”
Me: “I know it doesn’t seem fair, but you got taken. Let’s sit down one night and I’ll teach you about phishing, viruses, malware, hacking, and all the other dangers of computing. No offense, but you use your computer like a teenage girl uses a car. You need to do the care and feeding work so you don’t get taken again.”
First off, I am not ‘better’ or ‘smarter’ than Jim. I know a lot about this stuff because I work in the industry and… I have fallen into the same traps myself. Yes, I too have clicked on phishing links and inadvertently shared my logon and password with… ‘phishermen’. And yes, I have also had to spend time on the phone with my bank, closing out credit cards and having them reissued. I then had the pleasure of contacting all the vendors who had my old credit card on file so I could have that information updated. It was time consuming, frustrating, embarrassing, and… a great lesson learned. Jim needed the little lecture I gave him just as he would have given me a similar lecture had I not changed my oil or checked the tire pressure on my car.
Since that time, Jim has experienced the pain of phishing more than once. I think my teaching sessions were helpful, but he still has that ‘tinkering’ gene in him: “What happens if I click here?” It is people like Jim that the phishermen are counting on. They prey on your trust and ignorance. The aftermath shows an angry customer (Jim) trying to clean things up with vendors, banks, and ISPs. In the end, who is responsible for making sure Jim is educated in how to use his computer and the internet? I believe there is joint responsibility amongst the vendors who sell on the internet, the ISPs who provide internet access, and the customer to protect each other from the threats.