Elaborate Phishing Hack

A friend of mine was recently a victim of a phishing scam which was quite elaborate. The story begins where most of them do – with one of those emails that your IT department constantly reminds you not to open. She clicked on the attachment therein – a miscalculated action that kicked off a series of events that left her over $1,000 poorer. The attachment was an excel file that obviously had a script to do either one of these things: a) download an executable file on the PC and commandeer the machine, or b) Retrieve cookies from the browser’s history and send the files to a server in Estonia. Whatever the method used, the hacker was able to log in my friend’s Amazon account and more importantly her gmail account, the holy grail of all accesses.

Here is where it gets interesting – it took all of my inner Columbo to figure it out. First, the hacker accessed the gmail account and set a filter to delete all emails coming from Amazon. Second, the hacker accessed Amazon and retrieved my friend’s full name and shipping address. They then signed up for UPS My Choice using my friend’s name, address and email. Remember they already have access to the email. If you don’t know, UPS My Choice allows you to track all packages shipped to you; enables you to schedule a delivery time and, you guessed it, route your shipments somewhere else if you are away from home.

At this point the stage was set for our hacker to execute the final phase of their devious plan. They logged back into Amazon, ordered a laptop and chose next day shipping. The best part is that all they simply had to do was select the same shipping address and credit card that my friend typically uses for her Amazon orders. After the order was placed, they archived the order so that it wasn’t readily apparent that an order had been placed. The icing on the cake is that it appears that the item was ordered by my friend and shipped to her house.

The last step must have been the easiest, simply logging into UPS My Choice and rerouting the package to Tifton, GA.

So, be careful my friends.

A couple lessons from this experience.

1. Do not open emails which you don’t know who the sender is
2. Do not especially open attachments from those emails
3. Ensure that all your online accounts are double secured using two-factor authentication
4. Check your bank statements every day
5. Sign up for UPS My Choice before the hacker does
6. Clear cookies/history on your browser often
7. Make sure you log off from your email after you have completed sending and receiving emails

Pyramid-schemes Pushers

I have this arcane ability to spot pyramid-scheme-pushers from a mile away. They are typically well dressed, they smile widely and are skillful at making eye contact. They will be the only ones in the room eager to make conversation with anyone. It is hard to miss them. They have a certain air about them that reeks of a desperate urge to impress. They often exude the implied success in not-so-subtle ways. It is not unexpected for one of these specimens to boisterously answer a call like this, “10k per square foot? Jesus! That’s not what we agreed. Call me back with a better quote”. They will then quickly hang up and apologize to everyone around them, muttering how imported Italian marble is tightly controlled by the mafia.

My first instinct is usually to ignore them. This is typically one of those moments that I will start liking posts on Facebook, or read a book. My latest by the way is Ben Okri’s, The Famished Road, my first foray into the world of magical realism.

What are you reading? The bespectacled gentleman has finally zoomed in on me. I answer him and continue reading. Undeterred, he starts to engage me in small talk. As he talks I somehow begin to feel sad. It is plainly obvious that he is not interested in Ben Okri or the awards that he has won for this very book.

I am positive that he is on a fishing expedition for suckers. I am his next target. I now feel even more sad. What about my appearance made him think I need saving? He must think that I am devoid of income-generating ideas that I will quickly grasp at his every pathetic attempt at explaining the potential windfalls in his so-called business. He must have somehow summarized my goals and ambitions to be null and void and that I will happily toss them all aside and jump on his gravy train. And what a gravy train it will be, he will tell me. I can almost narrate word for word how he will start that conversation. You look familiar, he’ll say, feigning a recollection pause. He’ll certainly ask me what I do for a living. Out of politeness, I’ll answer him and then brace for the punchline. Oh. We have engineers in our company too. He’ll pause to give me an opportunity to ask him what company he works for. I’ll ask, not because I care, but because I want to get over the conversation quickly. And then the sales pitch will begin,

..our company is a multi-channel global business dedicated to bettering the lives of its members through collaboration and access to discounted merchandise from a wide array of products. Through a system of peer-to-peer marketing you can certainly earn a living while buying the products you need and getting your friends to …..

I’ll zone out at this point, carefully avoiding the urge to roll my eyes.

At the end, he’ll try to convince me to attend a meeting on Thursday. It’s always on Thursday for some reason. He’ll be sure to let me know that Jay and John, who are making a killing in this business, will be at the meeting as well. He’ll probably make a joke about whether Jay will be driving the Maserati or the Lambo that day.

I hope my email server flags his email as spam.

First-class passengers

I have always disliked the smug look on those first-class passengers. Often too engrossed in their crisp Wall Street Journals, they hardly ever make eye contact. Unless of course it is to take pity on you. As if to further rub in your face your demeaning zone-3 status, they sip their club soda pretentiously while eyeing you from the corner of their eyes to detect if you are admiring them. Every time I walk past them, I analyze them to figure out which of them is an upgrade-recipient and who is considering buying a Gulfstream. I always smile at them expecting at the very least a nod. Usually I get nothing. And so I stroll past their hallowed section towards 34D, passing the equally-smug exit-rowers. With only my thoughts, miniature pretzels, and cheap cranberry juice to comfort me; I often wonder about life on the other side of the curtain.

On my last flight back to Hartsfield, I was upgraded to first class.

Isabela

Some names elicit deep emotions. Like Kenya’s Nduko, Isabela reeks of passion and seduction with a hint of lust. I picture Isabela playing the object of everyone’s affection in a Mexican soap opera. In the final scene, set in a Mexican beach, she stands tall in a beautiful silk gown. Her body glows beautifully against the sunset rays falling on her exposed back. Ricardo, her lover, is on bended knee looking up longingly at Isabela. Maintaining a self-assured pose, Isabela looks out to the sea and declines Ricardo’s offer. She then walks away, taking long graceful steps like a lioness. She never once looks back at poor Ricardo.

Isabela, the hostess at The Carmen Playa, welcomed us and recommended the seaside bar. Recently built, The Carmen Playa dots the beautiful coastal landscape. It is the kind of place James Bond would stay at. On the morning of the big day, he would come downstairs, order a shaken Martini and admire the sunbathing bond-girl. Anyway, there is strong Brazilian influence in the decor at The Carmen Playa. So, it was only natural that I ordered their world-famous caipirinha. As I sipped this delightful goodness, I looked across the gulf of Mexico and ran through the script of my life so far. As Cessaria’s Besame Mucho played from the Bose speakers up above, I realized this is the closest I have been to a heaven.