For those of you familiar with Lord of the Rings, you will recall the scene where the always feckless Pippin looks into the “seeing stone”, the Palantir, is transfixed and is then rescued by Gandalf.
“‘So this is the thief!’ said Gandalf. Hastily he cast his cloak over the globe where it lay. ‘But you, Pippin! This is a grievous turn to things!’ He knelt by Pippin’s body; the hobbit was lying on his back, rigid, with unseeing eyes staring up at the sky. ‘The devilry! What mischief has he done – to himself, and to all of us?’ The wizard’s face was drawn and haggard.”
A similar scene played out in my life this week concerning malware and my 91-year-old mother. OK, it is not the end of the world as we know it, but the ability of malware to infect computers and wreak havoc can feel that way sometimes.
She received a fairly standard piece of suspicious email (the latest one going around; I see it about twice a day) from a “trusted friend”, so she clicked on the link. After that, everyone she has ever emailed received the same email from her computer.
She was astonished that I was not fooled. After all, the email came from my own mother and the message said “wow this is crazy you should give it a look.” The fact that “wow this is crazy” does not sound at all like my 91-year-old mother was a clue. However, I get so many of these sorts of emails every week that spotting them has become instinctive. It is probably because my email address is all over the place. I am on dozens of job hunter email lists and I exchange emails with bunches of people I barely know.
My mother asked me how I size up an email as being suspicious, so I sent her the following:
1) Does not call me by name. Just has a call to action such as “You really need to see this”
2) Tone is too familiar from someone I do not know. “Hey, I am rolling on the floor laughing at this picture of you on the internet”
3) Tone is too excited or threatening. It appears that it is trying to get me to click on a link instinctively. “Your email account has been hacked. You must verify your account immediately or we will close it in 24 hours”
4) The email is one sentence pointing me to a web page.
5) There is nothing in the subject line.
6) The language is awkward, like a non-native English speaker wrote it. “Please to verify your order placed that we are to be shipping soon”
7) I have seen the same email before.
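The mechanical items on this checklist (1, 3, 4, 5 and 7) can be turned into a small triage script; items 2 and 6 need a human reader. This is an added example, not part of the original post: the function name `red_flags`, the `PRESSURE` phrase list and the sample messages are all constructed for illustration.

```python
import hashlib
import re
from email import message_from_string, policy

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
# Constructed phrase list for item 3; extend it from mail you actually receive.
PRESSURE = ("immediately", "verify your account", "in 24 hours", "has been hacked")

def red_flags(raw, my_names, seen):
    """Return the numbers of the checklist items a raw message trips.

    my_names: names a real correspondent would address me by.
    seen: set of body digests from earlier mail; updated in place (item 7).
    """
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    lower = " ".join(text.lower().split())   # normalise case and whitespace
    flags = set()
    if not any(n.lower() in lower for n in my_names):
        flags.add(1)                          # does not call me by name
    if any(p in lower for p in PRESSURE):
        flags.add(3)                          # excited or threatening tone
    prose = URL_RE.sub(" ", text)
    sentences = [s for s in re.split(r"[.!?]+", prose) if s.strip()]
    if URL_RE.search(text) and len(sentences) <= 1:
        flags.add(4)                          # one sentence pointing at a link
    if not (msg["Subject"] or "").strip():
        flags.add(5)                          # empty subject line
    digest = hashlib.sha256(lower.encode()).hexdigest()
    if digest in seen:
        flags.add(7)                          # same email seen before
    seen.add(digest)
    return sorted(flags)

# Constructed sample messages (not real mail), using the reserved .test domain.
HEAD = "From: mom@example.test\nTo: james@example.test\n"
SUSPICIOUS = HEAD + "Subject:\n\nwow this is crazy you should give it a look http://example.test/x\n"
THREAT = HEAD + ("Subject: Account notice\n\nYour email account has been hacked. "
                 "You must verify your account immediately or we will close it "
                 "in 24 hours. http://example.test/verify\n")
LEGIT = HEAD + ("Subject: Resume article\n\nJames, If you missed this article on "
                "LinkedIn, it is worth reading. It adds some details on what "
                "recruiters look for in a resume. http://example.test/article\n")

if __name__ == "__main__":
    seen = set()
    for name, raw in [("suspicious", SUSPICIOUS), ("repeat", SUSPICIOUS),
                      ("threat", THREAT), ("legit", LEGIT)]:
        print(name, red_flags(raw, ["James"], seen))
```

A message that trips none of these checks is not thereby safe; the script only counts the visible warning signs listed above.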
Essentially, any time someone sends me a link to a web page or sends me a file to open, I am cautious. If they want me to click on anything, they’d better call me by name and give me a little bit of detail. A short note like “Good article” or “You might find this useful” is not enough.
Make sure you give me enough detail that it shows that you know me. “Good article about what recruiters look for in a resume” is only enough information to motivate me to write you back to verify. “James, If you missed this article on LinkedIn, it is worth reading. A lot of it is what Dirk Spencer already told us, but this adds some details on what recruiters look for in a resume.” That is enough information that I will click the link to read the article.
In today’s world, you just cannot click links or open files that people email you. There are no trusted people. Viruses get on their computer and they will never know it. Or, viruses will get on Tom’s computer, look up people in his email account, then send the email out with Mary’s name on it. Mary’s computer is not infected. Tom’s computer is infected, but the virus makes the email look like it is coming from Mary’s computer. Or, the virus will infect the Yahoo or Gmail computers. Your computer might be clean, but the virus is sending email from the Yahoo computer and making it look like it is coming from your computer.
With social media, the trickery has been going on for a few years. On LinkedIn, the worst I have seen is simple spam. Some stranger from Bangalore or Shenzhen wants to LinkIn with me. I accept and they start spamming me with various sales pitches. LinkedIn makes it easy to tag the message as spam and that tends to stop it quickly.
On Twitter, I get messages about the funny picture of me on the internet that has some stranger rolling on the floor laughing. A more interesting Twitter ploy is a mention from someone I am not following and who is not following me. Occasionally I click the “@ connect” button to see who has mentioned one of my tweets. About once a month, I see something like “@JSnid fhq4.co.cc/rgm7.” I check the Twitter account of the person mentioning my Twitter handle only to see that they have zero followers and are following zero people. Strange. Don’t click!
I get invitations to connect on Facebook and Google+ from strangers from foreign lands… not interested. Don’t accept.
Frankly, I am real tired of malware. Am I wrong here? I would love to see the G7 propose a million dollar bounty for the capture and conviction of people who write and release all forms of spyware, viruses, trojans, worms…all malware in general.
Mr. Romney and Mr. Obama… are you listening? I think we have a real vote getter here.
Good Luck and Godspeed.
Business Development Director