Saturday, January 15, 2011

Retirement Lessons – Phishing and More

Most of you have heard the term “phishing,” a criminal activity wherein the source deliberately mimics (or “spoofs”) the look of legitimate enterprises in an attempt to get you to give up personal information that they then use for illegal purposes. You may know that retirees are especially subject to these attacks.

I guess phishers think that people who have reached retirement age lose their common sense at the same time they lose their paychecks. Or perhaps that their visual acuity has declined to the point that they won’t notice that the logo for their bank has suddenly changed from red and blue to orange and purple. Or that their ability to process language has atrophied so much that it won’t register when a singular subject has a plural verb, or other glaring grammar errors abound.

Phishing is generally done via email, which affords the opportunity to create a convincingly authentic-looking message. (Spoofy, isn’t it?) There are many legitimate websites that will give you pointers about how to avoid being phished and tell you what to do if you smell something phishy. Here are just three:

Today I want to warn you about related schemes, so that you can be vigilant and protect yourselves against them, too. (The onguardonline site listed above covers some of these.) It’s our duty as vibrant retirees (or soon to be, or those who aspire to be…) to put the lie to these stereotypes.

“Smishing” is similar to phishing, but it’s done over mobile devices that use SMS (Short Message Service). [I am not making this up.] It relies on what is commonly referred to as social engineering. This is ironic, since smishing is clearly an anti-social behavior. [Side note to anyone who has heard of Snooki and the Jersey Shore gang: smishing is not the same as smooshing. Google that one, if you dare. If you want to smoosh, go for it.]

Since SMS was created for short messages, legitimate users employ all sorts of abbreviations and acronyms. This makes it more difficult to detect the grammar errors made by smishers that can be so obvious in phishing. My best advice on how to avoid being smished is to steer clear of SMS in the first place. Absent that, I’d create a secret code word that people you want to SMS with must use before you ack them. Here’s one that’s not likely to show up randomly (or in the Jersey Shore lexicon, BTW): “civility.”

Next on the list is “vishing,” which is phone-based and usually relies on VoIP technology (Voice over Internet Protocol). [I am not making this up either.] Using VoIP means the communication is computer-based, providing the same ability to mimic legitimate business contacts as phishing does. If your extended family communicates with you over Skype, for instance, you could be the target of a vicious vishing attack. So beware. The good news is that the same secret code you use with SMS can help you distinguish genuine well-wishers from bad vishers with evil intentions.

All of this puts me in mind of the first generation of stealth communication, which was popular two to three decades ago. It involved people calling you at home claiming to be market researchers but really having ulterior motives. Legitimate market researchers were steadfastly committed to, but unsuccessful in, eradicating this bogus activity.

The first of these was called SUGging. (I kid you not.) SUGging stands for “Selling Under the Guise of” conducting market research. You’d get a call from a group conducting market research on some topic. The first few questions sounded legitimate, and the next thing you knew—wham! You were on the receiving end of an aggressive sales pitch for a product coincidentally related to the “research” being conducted.

SUGging was so successful that FRUGging soon followed. (Again, not my acronym, but if you like smooshing, you probably have raunchy thoughts when you hear “frugging.”) “FRUGging” stands for “Fund Raising Under the Guise of” conducting market research. Same type of call, claiming to be conducting research on some pressing social issue. Same initial reasonable questions. Same wham! leading to a request for a contribution to a group whose mission was miraculously aligned to the issue being researched.

You don’t hear much about sugging and frugging these days, probably because of the “do not call” registry. Maybe pressures will come to bear that will result in “do not phish, smish or vish” registries, too. One can only wish.
