An Emotional Phish
Posted: January 13, 2016
Well, I’m an idiot.
Yesterday, I got an email in my inbox from Skype saying that my password had been changed. I hadn’t changed my password.
Yeah, I know. These emails come in all the time, and the best thing to do is ignore them. That’s my usual MO with these things. Since last year, though, I’ve had some internet asshat emailing me threats, telling me I “stole” the email account I’ve been using for almost a decade from him, and saying he’ll “take me down.”
It was that fear – the thing phishing emails play on – that drove me to click the “reset your password” link in the message. Maybe Asshat did manage to get into one of my accounts. Skype is, after all, about the only service I use that doesn’t have two-factor identification installed.
I did hover over the link before clicking on it, and it looked legit. So did the other links on the message. It wasn’t until after I filled out the password reset form that I had landed on that it occurred to me I should have at least tried logging into my Skype account to see if anything was amiss.
Logged in fine. No problems here. Everything is as I left it.
Like I said… idiot.
Luckily, in the “payment method” field of the counterfeit form, I clicked the “PayPal” option and did not give any credit card information. I’m pretty sure that if I did, I’d be several thousand dollars in debt to some Russian casino or something by now. I changed the passwords on both my Skype and Microsoft accounts just to be safe, printed out some new account recovery codes… basically did everything I could do to protect myself from my own blunder.
Sure enough, this morning I got the “we need more information in order to release your account” email from an address that looks somewhat less legit than the original one. Fool me twice, right? To be certain, I logged into my Skype account again and found everything as it should be.
So remember, everyone: if an email makes you worry that one of your online accounts might have been hacked, check the account first. Don’t click any of the links in the email, and only use customer service forms you access securely through the company’s site itself.
If you do manage to pull a bonehead move like I did, change the passwords on your accounts, including any linked accounts. Also be sure you’re not using the same password for your email address that you use for your bank or Facebook or anything else.
And if, like me, you’re still concerned that someone is trying to mess with your digital life, identity theft insurance is cheap and widely available. You may even be able to get it as an add-on to your homeowner’s policy.
That’s my public service announcement for the day. Have fun, Netizens, and be careful out there.