This just happened to a client who has graciously allowed us to share her experience as a cautionary tale. We'll call her Jenny Smith.
Jenny has a Verizon iPhone and a gmail address. One day, she received an urgent text message from "myvzw.com" about her Verizon account. When she clicked on it, it asked her to enter her email address and email password (not her Verizon password)--which she did, but then she immediately felt uneasy.
As you've probably guessed, it was a "phishing" attack: a fake message designed to capture Jenny's login information. The spammer began sending pathetic messages from her email address to all her contacts claiming vacation disaster, "please send money." Concerned friends started calling, and she called computers dot mom.
So far, this is (unfortunately) a common story, and normally all you need to do in these cases is to change your email password immediately. But here's where things got creepy.
- The spammer logged in to Jenny's account and stayed logged in, so changing her password did not cut off his access.
- He also set up a fake email address, firstname.lastname@example.org, that ALMOST looked legitimate (one extra letter). He changed her account settings to forward all incoming mail to the fake address AND changed the "reply-to" address on her outgoing email. Even after her password was changed, any email sent to Jenny went to him, and if she sent an email the reply went to him instead of back to her.
Fortunately, Jenny uses gmail, which allows you to check where you are logged in and force a logout. We kicked Mr. Spammer (in Boston) off, and fixed her account settings.
Moral of the story:
- Use a strong, unique password for your email account
- NEVER give your email password to a third party; no legitimate site will ask for it.
- Phishing attacks work by scaring people. Embrace your inner New Yorker: be deeply skeptical about "urgent" emails, texts and calls that ask for information.
- It pays to be an English major! Poor grammar and spelling in "official" messages are a dead give-away.
- If you get hacked, don't panic; it's not the end of the world.
- Learn how to check your account settings and activity, just in case.
(Gmail users: bottom right of the Inbox page you'll see "Last account activity: x minutes ago"; click the link marked Details to see information about logins. Remember that your smartphone counts as a login so don't worry if you see two).
But enough gloom and doom. More cheerful notes:
If an iPad and an eReader got married. . .
. . .their offspring would be the new Google Nexus 7 tablet, which gives you near-iPad features in a more affordable ($250) and portable package. It's getting some great reviews. A nice gift option, too. Or, wait for the rumored iPad mini this fall.
Deleting Gmails on the iPhone/iPad
If you are tired of deleting the same emails on both the iPhone/iPad and the computer, directions here to solve that. (Just be careful not to sync contacts and calendar with BOTH gmail and icloud--use one or the other). Or wait for the rumored mini iPad this fall.
Lastly, just for fun:Magic on the MTA
As a frequent flyer on the MTA I love all the practical innovations of recent years: apps for getting around, Select Bus Service, the train information signs. But for soul-satisfying inspiration, check out the wonderful, whimsical artwork all over the city. My personal favorite is the Samm Kunce piece, Under Bryant Park, but if you're taking visitors to walk on the High Line, don't miss the Tom Otterness alligator-in-the-sewer.
Enjoy your summer!
and the whole computers dot mom team