Both Oars In Keeping my digital me to myself

Jun 5, 2012

Twice in the past month, I have received urgent emails asking for money from friends whose accounts had been compromised by hacker-con artists. Both emails were blatantly obvious for what they were. The first was supposedly from a colleague stuck in the Philippines whom I would be far more likely to call for help than vice versa. The second came from the account of a former employee who I know is too careful and prudent to have had her wallet lifted in Spain. Neither fooled me for a minute.

Rather than just ignore the emails, I decided to respond. To the first, I replied, “I think you are a little too savvy for this?” To which the fraudulent writer wrote back, “Oh no ... I know this sounds weird and you wouldn't believe me.” I was impressed by the imposter’s perseverance and own savvy in including the correct name of the non-profit organization my colleague heads under ‘her’ signature. That was a nice touch. 

However, I also noted that the email address did not match the one I had for her in my address book. It was very close except for the easily missed period that had been inserted between her first and last name—the devil is always in the details. When I asked the impostor in my next email how they got her information, our short-lived virtual encounter came to an abrupt end. 

(If you get an odd email from a friend, you may want to take a moment to verify the address carefully. Inserting or removing a period or an initial is a common trick of the trade.)

The second nefarious email had the correct address, so I responded more directly. I simply asked, “Do you have control of your account now?” From the response, it was clear that she did. However, I was a bit shocked to learn in the process that her Facebook account had also been compromised. Evidently, her cyber intruder not only stole her email address book, they also walked right into her virtual living room and sat down among her friends.

This particular former employee is a rather reticent individual, so I am sure that the virtual party crasher probably did not learn much from her Facebook. Still, it must have been a bit chilling to realize that a criminally-minded hacker had just friended everyone she knows using her name. It is always extremely unsettling to have people know more about us than we intend, even silly and trivial stuff. It is a violation of our privacy. It’s scary.

There is also a practical concern here. It is much easier for con artists to select and work a vulnerable mark if they have personal information to go on, and Facebook is a perfect source for this type of information. Picture a kindly old grandmother getting a call from her “granddaughter” asking for money to help repair her car. “You know, Grandma, the one you bought me for my graduation.” Now you understand why my friend’s hacker-con artist went after her Facebook account. It wasn’t voyeurism; it was research.

Virtual or otherwise, there have been confidence schemers from the beginning of time. But, that is no reason to make their work easier by voluntarily putting hoards of personal information on the web. Afterall, why did we buy all those shredders in the paper-full world of the past if we are going to bare ourselves on the web now? Which holds more peril, the trash or a network with over three billion participants?

As proven by the never ending stream of corporate and individual apologies for being hacked, we are too digitally extraverted for our own good. It is time for a little self-imposed privacy. Accordingly, I plan to keep my digital me to myself and continue to say no to Facebook.