I'm as tech-savvy as they come. I've been a computer programmer for a major corporation, I've been a head CIS guy, I've run my own businesses, including one where I built internet sites and presences on the web. As far as the internet goes, I was on it long before Al Gore took credit, back when all you had was grey backgrounds and black text. So I've seen all sorts of scams and stuff come and go.
I use the word "email" as a noun and a verb. I don't put that stupid dash in it either (e-mail). I don't say the ubiquitous "www" before I give a web address. And I certainly don't add the "http://" before it like a total geek. I remember calling it a URL (Uniform Resource Locator) before the term "web address" caught on. I remember dialing in with a 9600 baud modem and waiting five whole minutes for my first crappy little dirty picture to download. It wasn't even a good one.
I don't open email attachments I don't recognize or expect, so I protect myself fairly well from viruses. I employ Ad-Aware to keep the spyware and malware down to a respectable level. And I click "Shut Down" to turn my computer off instead of hitting the power button.
I thought I was as careful as a person could be. Hell, I've taught other people how to be careful on the internet. I thought I was invincible.
Until I got phished.
Phishing is where some scammer/spammer sends you an email from a popular website that you probably have an account with. Popular ones are Paypal, Bank of America, Citibank, Myspace, etc. The email looks professional and legitimate, just like it came from them. But it didn't. The scammer created it and put it on his own server and sends out emails with the hidden link back to his server. When you click on it, you end up on his site instead of Paypal and you're prompted to enter in your username and password.
So you do.
And as a result, you unwittingly hand over your username and password. The scammer then uses it to log in to your account and either 1)Steal money, 2)Steal your identity, or 3)Send more spam. I've been phished many times and never once bit. I used to even alert the system techs at the websites they were trying to mock, long before phishing was a word. Now, if you go to a website like Paypal, they have a link usually on the front page that alerts you to possible phishing schemes and instruct you to never click a URL in an email, but to always type the site in directly and then log on. I know all this.
Yet I was phished and I bit.
And for some effing reason (I officially blame lack of coffee), I was lazy enough to click on the link in the email and then enter my username and password on the screen it served up. I handed over my username and password to a scammer on a shiny silver platter. Would you like a glass of sweet tea with that? Should I lube myself or would you enjoy doing that yourself?
They did it themselves, using my myspace account to spam other myspace accounts from within myspace. When I went to log in the next day (or whenever it was), I couldn't get it and a message popped up from the techies saying I'd been phished. I couldn't believe what I was reading. Me? Mr. Techno Perfect?
Needless to say, the username to myspace is your email address. I used my hotmail address. And wouldn't you know it, I had the same password for both. Just like most the world, I use the same password or variations of the same password for most of the internet sites I belong to. So, I had to go about changing ALL my passwords for all my sites everywhere. Ouch. It took me days and I'm still finding sites that I forgot about.
Let this be a lesson learned before it happens to you. Beware the Phishing. There are sharks out there.