We geeks like to laugh and shake our heads at n00bs who fall for phishing scams of one sort or another. We chastise our less-geeky partners and implore them to use better passwords. All the while we, the geekerati, feel smugly immune.
Yeah, reality check, we aren’t immune in the least little bit. All it takes is the right circumstance and we’re all just as likely to click on a link (especially a shortened one on Twitter)…just like geek demigod Cory Doctorow did:
Phishing isn’t (just) about finding a person who is technically naive. It’s about attacking the seemingly impregnable defenses of the technically sophisticated until you find a single, incredibly unlikely, short-lived crack in the wall.
If I hadn’t reinstalled my phone’s OS the day before. If I hadn’t been late to the cafe. If I hadn’t been primed to hear from old friends wondering if some press mention was me, having just published a lot of new work. If I hadn’t been using a browser that didn’t fully expose URLs. If I hadn’t used the same password for Twitter as I use for lots of other services. If I’d been ten minutes later to the cafe, late enough to get multiple copies of the scam at once – for the want of a nail, and so on.
But all the stars aligned for that one moment, and in that exact and precise moment of vulnerability, I was attacked by a phisher. This is eerily biological, this idea of parasites trying every conceivable variation, at all times, on every front, seeking a way to colonize a host organism. The net’s complex ecosystem is so crowded with parasites now that it is a sure bet that there will be a parasite lurking in the next vulnerable moment I experience, and the next. And I will have vulnerable moments. We all do.
I don’t have a solution, but at least I have a better understanding of the problem. Falling victim to a scam isn’t just a matter of not being wise to the ways of the world: it’s a matter of being caught out in a moment of distraction and of unlikely circumstance.
So let us get our collective heads out of our respective rumps and remember that the tricks used to snare your info online do not have an “oh you’re a geek, so we’ll skip you” check, nor do we all carry +5 “repel online scum” charms.
Now, there is some guy in the UK saying that I just won a few million pounds in a lottery who is demanding my attention…