A computer scam and my momentary lapse of reason


The instant I clicked on the attachment, I realized that I should not have.

I was researching for my next blog post when the popup notification in the corner of my computer screen showed that I had a message on Facebook Messenger. It was from a friend that I regularly played squash with.

It read: “Dax Nair OMG?” and had an attachment.

I ignored it. I didn’t want to get distracted from the task at hand.

A few minutes later I got another one. This time from another friend from the squash club. It had the same message.

I wondered what I had done.

Was it possible that one of my squash-related blog posts had been picked up by the Professional Squash Association?

Perhaps I had won the 680 News Weather Guarantee Jackpot. The station only announced the winners over the radio. I may have missed it.

Maybe it wasn’t good news after all.

What if it had to do with something stupid that I had done without realizing it, and it was all over the Internet?

With a mixed feeling of anticipation and trepidation, I quickly logged into Facebook and without another thought clicked on the attachment.

Nothing seemed to happen.

I clicked again. The same result.

It suddenly dawned on me that something was amiss.

As I pondered my next move, I got another message from my friend that read, “You may be getting spam from my Facebook account, please disregard.”

Too late for that!

I may have just fallen for a computer scam! And, potentially helped spread a computer worm!

Thankfully, I was on a Mac. Hopefully, the worm was targeted at Windows machines.

Small consolation.

I quickly changed my password and posted a warning message on my Facebook timeline indicating that my Messenger account may have been compromised. Fortunately for me, I had not divulged any personal information such as passwords and the like.

In retrospect, I believe I got off lightly.

Almost two months in, I have not seen any fallout from my mistake.

I am disappointed with my action though. I should have known better.

Until recently, I was in the business. I should know about network security scams. My team and I made a living helping companies mitigate security vulnerabilities.

But it’s always the one momentary lapse of reason that gets you in trouble.

Network security scammers are smart and getting smarter.

For readers who are not necessarily technophiles, my mistake is a good lesson. It should serve as an example of what not to do if you get an email or instant message that does not make sense right away.

While on the subject of computer scams, there are a few simple — non-technical — steps that you can take to reduce exposure in the event you become the target of a network security scam. I have written about this in the past, so if this feels a little redundant, please bear with me.

Don’t fall for phishing scams

If you think you are smart enough to recognize a phishing email when you get one, you may want to hold that thought. As per this report in The Verge, John Podesta, the chairman of Hillary Clinton’s presidential campaign, fell for one.

He had an IT team behind him.

From long-shot emails — shown below — that claim you have been bequeathed a large inheritance in a foreign country, to more credible-sounding requests to update your passwords, hackers often masquerade as reputable organizations like Google, Netflix, and PayPal to try and gain your trust and your personal data.

Phishing email - Computer scam

You may also become the target of spear-phishing, an attack targeted directly at you. Armed with information publicly available through social media and other digital media platforms, hackers target individuals and institutions with personalized emails that appear to come from folks you know — your bank manager, boss, friend…

My Facebook Messenger fiasco is a good example.

Use free online virus checking tools

VirusTotal is a free online tool offered by Chronicle, a subsidiary of Alphabet Inc., the same company that owns Google. It allows you to check the quality of files and links that you are unsure of. Just copy and paste the link or upload your file into the tool and it will tell you if you are good to go, or not.

Over the years, it has really come in handy for me.

Subscribe to login alerts

Receiving alerts at every login can be a pain in the neck. But it helps ensure that you are alerted if someone other than you accesses your account. This is especially useful for social media accounts such as Facebook and Twitter.

Sign up for two-factor authentication

User names in companies are easy to guess and usually follow a pattern — first initial and last name, or something similar. If someone gets hold of your user name and tries to get the password reset using the “forgot password” feature, the two-factor authentication will ensure that the One Time Password (OTP) can only be accessed through your email or mobile phone.

Use security questions and answers

This is another simple-to-implement feature offered by many financial institutions and mobile applications. A recent attempt by someone who impersonated me to gain access to my credit card was thwarted by the bank because he could not get past the security questions.

So, there you are.

Clearly, this is only a subset of the numerous things that you can do to secure your devices and protect personally identifiable information. 

Hopefully, you are ahead of the curve on this one.

If you are not, you owe it to yourself to do your part.

Dax Nair