There is an undeniable and universal truth: People are stupid, and some people are really, really stupid.
Recently, a few people at the university were getting scammed by some phishing emails purporting to be from university admin and asking for their full name, date of birth, username and password.
In response to these emails, the real admin sent out a warning to everyone, telling people not to answer any emails that asked for all of these details as no one official would ever ask for them. Of course, to explain this, they had listed exactly what details these phishing emails were asking for...
And people supplied them.
That's right, people answered the administration email which told them to never give these details to anyone by handing over said details.
There was nothing terribly confusing about this email. It used the word "never" several times and "do not" on a number of occasions. Most people just didn't read it. They scanned the mail, saw something that asked for details and handed them over without really noticing who they were giving them to or for what purpose.
In all fairness, some of these people were not entirely conversant in English and probably didn't have time to sit down and translate the whole thing, but still...
The joy of it all is that, as the person on the front desk, I get to tell these people that they can't get into their accounts because administration declared them as a security risk and blocked their access. I have to explain to them what they did wrong in such a way that encourages them to think about it more carefully next time.
It is hard to think of a polite way to do this. Especially when every part of you is begging to say "You're computer privileges have been revoked due to the fact that you don't read anything and you're stupid. From now on you may only use print material and the actual mail service. Even the use of the telephone is probably not advised."
It's no wonder there are so many scammers out there - it's like taking candy from a baby.
For future reference, no one in any official capacity will ask you to send them confirmation of every piece of security information. No one in any official capacity will ask you to send them your password. No one in any official capacity will ask you to send them any details of worth unless you've asked them to do something first.
Here's the way it works - first, you ask for a service, then they ask for some information. If someone contacts you asking for information when you haven't asked them for anything first, treat it very suspiciously. Especially if they haven't contacted you by name or given you your membership number as proof that they actually do know you you are and have some reason for contacting you.
This goes for banks, universities, PayPal or any other service you might use.
No comments:
Post a Comment