There's an old writer's joke about the importance of punctuation that goes like this: A panda walks into a bar. He sits down at a table, orders his food and eats it. Then he pulls out a gun, fires a shot into the ceiling and walks to the door. The bartender yells: "Hey! What do you think you're doing?!" The panda throws him a well-thumbed dictionary and says, "I'm a panda. Look it up." The dictionary definition reads: "Panda (n) -- a fur-bearing mammal. Eats, shoots and leaves."
(It's also the title of a brilliant and funny book by Lynne Truss that any word geek or member of the Facebook group Good Grammar is Hot will appreciate during this gift-giving season.)
Computerworld Canada editor Shane Schick reminded me of this as we were discussing phishing attacks we'd received lately. (He also beat me to coining the title of this post, damn his eyes.)
Used to be atrocious grammar and poor spelling were the dead giveaways of the phishing world, but the messages are becoming increasingly sophisticated.
I received an e-mail purporting to be from my bank's security team this morning, saying there had been some suspicious activity on my account and asking me to fill out a 10-step questionnaire of personal information. While there were some telltales -- the fact that it was sent to my work e-mail account, the fact that mousing over the link showed a URL that was definitely not my bank's -- it was quite masterfully crafted, with appropriate branding and a single typo that could easily have been missed through a couple rounds of proof-reading.
Those of us who are on computers all day every day know reflexively that these messages are fraudulent. But we are a minority of the population and we take for granted the sophistication of other users. We therefore should take a leadership position and make sure every single person we know is aware of this simple fact, which I've confirmed with the team at my bank: A bank will never. Ever. E-mail you about suspicious activity on your account. Someone will phone. If that someone can't reach you, he or she will restrict your bank card, which will deny online banking access, or suspend your account until you can be reached to rectify the situation.
This is your mission. As someone who works in tech, those you tell will believe you. Unless they're the type that's still waiting for that cheque from Bill Gates, in which case they're incorrigible. Refer them to urban legend blaster snopes.com for re-education.