
Friday, November 23, 2012

Cyber Security Tips for Writers and Other Professionals.

(Morguefile Photo.)

Spurious E-Mails.

We’ve all gotten those spurious e-mails from Burkina Faso where someone who is barely literate would like us to help them get $10.5 million. The e-mail goes on to mention a plane crash in the jungle, and how the doctor, or the cabinet minister or the president, or alternatively the rebel leader, was the sender’s father, and how they need help getting the money from the Bank of England. It was stashed there by their corrupt government when the money was recovered, and they’re holding it for the rightful owner, but unfortunately they can’t properly identify themselves as they are destitute except for their computer…and they are rebels.

All you have to do is give them some personal banking information, and they’re willing to give you half the money because you are such a good and kind-hearted person. Some of these e-mails are fairly creative in terms of storyline. I’ve been tempted to steal that one about the Princess in the Somali refugee camp and her dad the rebel in the hills overlooking the capital city working to free the people from tyranny.

Most of these probably don't even come from Burkina Faso.

Masquerading.

Lately I’ve seen e-mails purporting to be from Chase Manhattan, Wells Fargo and others. These have a document attached to them and they want you to click on it to see the details of ‘your account.’ I don’t have an account there—kind of a dead giveaway, but logic doesn’t seem to play much role in the typical e-mail scam. I never click those documents. Never. A while back I got a spurious one from Pay Pa1.

There was a warning that if I didn’t update my account information immediately, ‘I could lose my account.’ So there is always a call to action, and from the point of view of the scammers, the more immediate and the more important-sounding, the better. I never respond to any spurious e-mail ever. While they already have your e-mail address, for all I know they might be able to get your IP address—allowing them to masquerade as you, and responding may give them other clues, more personal information, and it could even turn into a dialogue. If you had a soft head, they might go to work on you with persuasion. One e-mail claimed to be from a friend, on vacation far away, and how she had lost her phone, and she needed $1,400.00 to pay the hotel bill and fly home as their tickets were stolen too. Yet we had never really talked. It was a non-relationship, which is common enough these days.

What gave that Pay Pa1.com one away was the e-mail address of the sender. It was: PayPa1.com etc, etc. But what looks like the ‘l’ is actually a ‘1.’ The difference is pretty subtle, but of course PayPal already had that address sewn up. The scammers couldn’t use it. When I looked at the image/e-mail again, it was fuzzy and indistinct in some ways. It was a bogus copy, a sort of reconstituted screenshot of a PayPal e-mail. (The author is not an expert. –ed.)

Red-Hot Lovers.

Lately I’ve seen quite a few e-cards from red-hot lovers; again, they have something they want you to click on. No one loves me, and no one is in love with me, and no one has a crush on me, so that’s usually a dead giveaway.

Notifications.

Another one is Twitter notifications. I couldn’t tell you how many times people have followed me on Twitter. Then they send a direct message. It usually goes something like this: ‘Someone is spreading nasty rumours about you on their blog,’ they provide a link to click on, and here we begin to see a bit of a pattern. Scams prey on common human failings or even human strengths, like greed, or fear, or vanity. They prey on the need to be loved, or your generosity, or the wish to be helpful. They try to play on your sympathy.

The scammers try to cover all the bases. Since I’ve never clicked on a DM link on Twitter from anyone I don’t know (and they’re not that sophisticated to begin with), there’s no way for me to say if it’s a virus, inappropriate photos (a sick joke of some kind), or perhaps in many cases just a landing page with some form of not-too-scrupulous pay-per-click application running.

Anyone you don’t know sending you photos or documents or links is an alarm signal.

Be Suspicious.

So the scammers will go on your Facebook profile page. They look through your friends list, find some of your friends’ names—say a real estate salesman. Then they pretend to be them. Here the giveaway is that the sender’s e-mail address will differ, as they can’t actually send anything if they haven’t hacked your friend’s account. That’s a whole different problem. Even then, if the friend lives ten thousand miles away and you’ve never had personal contact with them, it is wise to be careful about clicking on anything, or replying to anything.

But mostly, they have to send it from somewhere else. These will often show just a nonsense jumble of letters and numbers. After a while, I learned to be suspicious of anything out of the ordinary or routine. Bad spelling and bad grammar, run-on sentences, subject matter, no previous contact, there are often a lot of subtle clues to consider.
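The sender-address clues described above (the ‘1’ standing in for an ‘l’ in the Pay Pa1 address, and a familiar name arriving from an unrelated address) can be checked mechanically. The following Python is an added example, not part of the original post; the list of known domains, the function names and the sample headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: domains the reader really deals with (constructed sample list).
KNOWN_DOMAINS = ("chase.com", "paypal.com", "wellsfargo.com")

# Digits that are commonly swapped in for look-alike letters.
DIGIT_FOR_LETTER = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})


def skeleton(text):
    """Fold look-alike characters so 'paypa1' and 'paypal' compare equal."""
    return text.lower().replace("rn", "m").translate(DIGIT_FOR_LETTER)


def check_sender(from_header, known=KNOWN_DOMAINS):
    """Classify a From: header as known, lookalike, impersonation or unknown."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unparseable"
    # Naive registrable domain: last two labels (wrong for e.g. co.uk).
    reg = ".".join(domain.split(".")[-2:])
    if reg in known:
        return "known"
    for good in known:
        if skeleton(reg) == skeleton(good):
            return f"lookalike of {good}"
    # Display name mentions a brand, but the address is somewhere else.
    name = skeleton(re.sub(r"[^A-Za-z0-9]", "", display))
    for good in known:
        if good.split(".")[0] in name:
            return f"display name claims {good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in (
        '"PayPal" <service@paypa1.com>',
        "Wells Fargo <alerts@x7k2q9.example>",
        "PayPal <service@paypal.com>",
        "Jack <jack@mail.example>",
    ):
        print(f"{header!r:45} -> {check_sender(header)}")
```

A "known" result only means the domain is spelled correctly; the From: header itself can be forged, so it is not proof of who sent the message. Substring matching on short brand names such as "chase" will also flag innocent display names, so treat a hit as a reason to look closer.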

So if someone you know on Facebook or another platform suddenly shows up in your inbox (again with the docs, links or photos), you should seriously ask yourself why they would be sending you things that have not been previously discussed, from a person who is certainly nice enough but you’ve never met and they live ten thousand miles away. You’ve never engaged in long chats with them, and you don’t even really know who they are. Someone like Wells Fargo is savvy enough about security (and their own reputation) to put the message in the body of the e-mail, and any links will be the same as the official company links on their website. You can always Google it on a separate tab and see what it really is.

The most dangerous ones are the ones from someone in your hometown, as there is some psychological bond of trust there already.

You have to think about what you’re doing. Sometimes the best thing to do is to just turn off all notifications, and only use the ones like on Facebook, Twitter, etc. Clicking on links in internal messages, or in the chat box, has plenty of risks, and if you’re a writer, sooner or later you’re going to tick someone off for any number of reasons. The very fact that we have to be out there and visible can attract the attention of scammers and otherwise destructive or mischievous individuals.

Here are more tips on basic internet security from the Ontario Ministry of Consumer Affairs.


2 comments:

  1. If and when I get one of these, it goes either straight in the bin, or I hit the phishing button and it winds up there. :)

  2. Yes, Jack. Even if I had the best anti-virus system in the world, people are always coming up with new variations. And simple curiosity isn't enough to lure me in to any of them sites--clearly for the most part they are up to no good. Time is precious and I don't like wasting mine.

