Wednesday, January 27, 2010

Phishing for Trust



"Do you trust me?" Aladdin reaches his hand toward the beautiful princess Jasmine, inviting her to take a leap of faith. A leap that could quite possibly bring her privileged life to an end but something about him causes her to put her hand in his and answer "Yes." Their lives intertwine, they fall in love, and all is well because she trusted a boy from the streets.

Hmmm. What was it about him that told her in an instant he was someone to trust? Well, we all know the story needed the line to use as a foreshadow, so she could realize who he really was in the end. But, outside of fairy tales and Disney movies can strangers really be trusted? Let me share two stories with you.

I have been selling clothes that I got as retail returns and overstocked items on ebay. There is a wide variety of clothing in the boxes I've received and all are brand new with the tags still on them. I thought this would be a great little business to bring in another stream of income- we have yet to see if it will pay off.

Anyway, one of the items I got was a new Kenneth Cole tuxedo, retailing for $499. I was excited to sell this piece, knowing it would bring me half of what I spent on the whole lot- so I listed on ebay, KSL, and Craigslist. Selling for $175, I got an email from a KSL buyer the day after I listed it. I was so excited!



They were interested in it and asked if it was still available. I replied with an emphatic, YES! The next email said they wanted it, but they would need to pay through paypal because they lived out of the state. I said OK, I gave him my paypal email address and said I would ship it as soon as the payment went in. I then received 3 emails from paypal. The first said I received a payment from the buyer for $175 but in order to protect their clients from fraudulent activity, they needed to hold the payment until they received a tracking number of the sent item. The next email notified me of a "Payment Pending" and the last email said the same thing, except it had a bunch of aaaaaaaaaaaaaa before every line. There were lots of places I could click to go to paypal and put in my password and account info., I didn't though.

I thought it seemed a little fishy, but I was excited to sell the tux, and the buyer emailed me again asking for the tracking number. I went to the UPS store and shipped the box. When I got home, I went back to my email to send the tracking number, and had a funny feeling about it. So, I logged into my paypal account first, checking to see if the payment was there, and there was nothing. I called paypal and they informed me that this buyer was attempting a "phishing scam" on me. Wikepedia defines a Phishing scam as this:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users,[2] and exploits the poor usability of current web security technologies.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

I called the UPS store, they still had my package there and refunded my money. I forwarded all the emails from the buyer to paypal and hotmail, changed my paypal password and cancelled my credit card for good measure. I felt emotionally violated.

It was such a switch from the morning when I was expecting an extra $175 to come into my account to having such a close call to my entire account being wiped out, and a great tuxedo disappear! I got another email from the buyer today asking where the tracking number is. I responded: "I realized you are doing a phishing scam so you will not get my product. I hope you stop and get caught." He hasn't emailed back.

I am a gullible person, wanting to trust everyone I meet. If I were Jasmine today and a strange boy asked, "Do you trust me?" with his hand outstretched wanting me to jump to my possible death, I would probably punch him in the face and run the other direction.

At the same time, I do believe there are trustworthy people in this world. Even strangers.

For example, the other day, Sonny had a young couple with an 8 month old baby come to the lot and look at a BMW. Their baby had fallen asleep in their car and wanting not to move her, Sonny offered to stand and watch the baby while they test drove the BMW. They agreed. The couple took off, leaving a stranger to watch their sleeping baby in their car.

That seems crazy to me! This couple trusted a person that works in probably the most famous occupation for dishonesty and didn't think twice about leaving their baby in his care. I have noticed that people do this a lot with Sonny. There is an "air" about him that shows people he is trustworthy. If there was a way to teach others how to create this "air" we could probably make a lot of money, but I think it is just a God given talent. One that is only visible when people truly are honest and have integrity.

So, in finishing this discussion I guess I will move forward with a stronger caution toward others, but I will also do my best to look for the "trust" in those I meet. I also hope that my experiences help others to avoid the evil "wizards" in this world and find at least a few honest boys that work hard to save their princesses.

No comments:

Post a Comment