In which I am stupid

If you’ve never read the Persistence Pays Parasites entry of Cory Doctrow’s Locus column then I heartily recommend dropping over and taking a look. The short-version, for those without the time or attention span, runs something like this: Doctrow is a smart and internet savvy guy, but he got himself phished despite his high awareness of such scams ’cause they hit him when there was a short-lived crack in his defenses. Actually, let me quote the key message of the column, ’cause it’s worth repeating:

Phishing isn’t (just) about finding a person who is technically naive. It’s about attacking the seemingly impregnable defenses of the technically sophisticated until you find a single, incredibly unlikely, short-lived crack in the wall.

‘Course, I still recommend going over and checking out the whole thing. It’s interesting stuff and it’ll make you rethink the way spam e-mail works (at least, if will if you’re like me and you assumed Spam merchanters were going after net-surfing grandma’s who really thought that nice gentlemen in Nigeria needed some help).

And now, let me tell you about my morning. I wasn’t phished, but I was a damn sight closer to it than I’m really comfortable with. You see, around 9 o’clock this morning I get this phone, and given a variety of factors I’m half-asleep when I stumble out of bed to answer the phone with this dreadful feeling that it’s going be my parents relating some new calamity that’s happened on their trip. Instead its someone with a really strong accent rattling through some script about banks and refunds and the Australian government and would I please confirm some details for them.

I don’t really understand most of it because it’s early and the accent is nigh impenetrable and after asking for things to be repeated three times I’ve given up and just gone with things to get the call over with. My something fishy antenna is up, but at the same time I haven’t understood about two-thirds of the people I talk to since outsourcing became popular. I confirm my name. I confirm my address. When they have me listed as P rather than Peter, I give them the name. When they have my street number, but not my apartment number, I fill that in too. I stare longingly at my coffee pot. I get them to explain the whole thing to me again, ’cause in my world people don’t just ring and say “hey, we need to give you money,” but I’m mostly just filling in time until I work out what’s going on.

“Would I like my refund sent through as a cheque or deposited into my bank account?” the voice on the end says. I have to get them to repeat this three times before I understand what they asking, and even half-asleep I’m not stupid enough to give anyone my bank account details over the phone. “Cheque is fine,” I tell them.

“Okay,” the voice says. “You’re in the system. Please call my manager on this phone number with this code, and she’ll talk you through the rest of the process.”

And so I call despite the fact that there’s a voice in the back of my head telling me it’s stupid, and the manager has a far less impenetrable accent so I get her to explain what’s going on, and lo-and-behold they outline a scheme that sounds remarkably similar to this. They explain what they’ve done. They tell me they’re preparing to send out over four thousand dollars. I feel very stupid and politely excuse myself from the rest of the conversation, then do my research to confirm that the entire conversation really was as stupid as I thought it was. I call my bank and say “this is what I’ve revealed – do I need to do anything” on the off chance that I did reveal something I shouldn’t have and they confirm that I’m probably being paranoid. I report the entire thing to the appropriate place, but a few hours later I’m still left feeling inexcusably dumb for going as far as I did.

I suspect there will be several paranoid checkings of my bank-account over the next week or so (even though, lets face it, anyone breaking into my bank account is bound to be dissapointed by what they find there).

Today I was a stupid, stupid man, but at least I wasn’t as stupid as I could have been.

More to explorer

One Response

  1. I react very badly to people asking me for my details, as a matter of principle. I've been in one situation where the caller could not prove to me who they were, and insisted that they couldn't tell me what it was about until they confirmed who I was, so I explained to them that their system didn't work and we couldn't talk any more. I think at that stage they suggested I call my bank / Medicare / whoever and ask if they needed to talk to me about anything. I insist on having identification procedures at least as stubbornly mindless as the institutions that need to deal with me.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.