Posted by Matt Egan 04 February 2015
If I *was* in trouble abroad, I'd call. I certainly wouldn't send an email asking for urgent help.
Thanks for your concern. I am not, in fact, trapped abroad with no money or papers. It's just that someone I know keeps getting hacked. And if you keep being unlucky, it's probably your fault.
This morning I awoke to the musical chiming of multiple text messages. They came from a variety of people, all concerned.
Some of them were worried that I was lost without cash or papers, in Turkey (of all places). But most were worried that my email had been hacked. In fact, it was my parents' email account that had been hacked for the second time in a fortnight. And the email that was being sent from their account carried my name and contained one of those phishing messages asking the recipient to send money. (For the record: if ever I need urgent help, I won't send an email. Any more than I'd send a postcard or a carrier pigeon.)
This kind of account hack is annoying, but not unusual. And it's not personal, but the personal nature of the message makes it feel that way.
My (pretty tech-savvy) mother asked me why 'they' would be targeting her. Of course no-one is targeting anyone; it is just that my parents' entirely reasonable tech habits leave them open to this kind of attack. I know that my folks have unguessable passwords, but my Dad likes to forward on round-robin emails containing jokes or 'warnings' about the latest scams. And although they have security software installed, they both access their shared email from multiple laptops, without always being entirely vigilant about scanning and updating those devices.
None of this renders them worthy of blame, but it is why everyone in their inbox woke up to the news that I was desperate for money, ligging around outside a kebab shop by the Bosphorus.
How not to get hacked
You need to be disciplined to respect the pitfalls of using email. Email as a medium has to be treated with the same attention to nuance as is letter writing. And I seem to remember being told repeatedly by children's TV presenters in the 80s that chain letters were a bad thing.
This is not new information, but if you personally don't know the individual who originated a message, you shouldn't open it, never mind pass it on. This is how spammers find out live email addresses, and by forwarding such emails you are exposing your friends and family to attack. Clicking the links contained within such emails is also the way that much malware is installed: the kind of malware that hacks your emails and uses your PC as part of a botnet to send out money-grabbing spam.
Anyone can be taken in by phishing and social engineering. Literally, anyone. There is no point being smug about it. But disciplining yourself to ignore forwards and mail from strangers will help you avoid it. And for the times when you are caught out, as well as changing your email password you need to make sure that the computers from which you access your email have not been compromised. A deep scan with up-to-date security software is required.
I'm certain this is what happened to the older Egans. The initial hack would have been a social engineering trick - one of them will have clicked a link on an email forward. They dutifully changed the password, but the infection was deeply rooted on one of their PCs. And so the spam rose again, and I was banished to the gateway between east and west. Lucky I like Turkish food.