This week, I'm pointing you to one of my favorite podcasts: NY Times Tech Talk, and in particular, their most recent show (January 7, 2009). There's a great piece on email SCAMS with guests David Perry and Todd Robbins that got me thinking on the way to work the other day. I was listening intently, for one of the teachers in my district had just fallen for a scam last week. Here's what she had received:
Dear Email Owner, This message is from messaging center to all Email owners. We are currently upgrading our data base and e-mail center. We are deleting all unused email to create more space for new one. CONFIRM YOUR EMAIL BELOW: Email Username: ............... EMAIL Password: ................ Warning!!! Email owner that refuses to update his or her Email, within Seven days of receiving this warning will lose his or her Email permanently. You are to send your email username and password to the webmaster via this email: firstname.lastname@example.org Regards Mrs. Anderson Mary Webmaster (ORG)
Sadly, she did it. She gave her username and her password. Gave them away. Now, this is a smart person who fell for this. So, the question is: where was the breakdown? How do these scams work, and why do so many of us fall for them? In the NY Times podcast, Perry and Robbins show that many email scams of the day have "direct routes to 'old school' con games. They call the type of email the teacher above fell for a "jam", when someone is trying to "push you into doing something", usually with urgency. This is a very effective ploy, because, quite simply, we are taught (from an early age) to do the right thing and most people want to quickly "fix" any problem they're presented with. I think that no matter how savy you are, when you get an email with such urgency, it makes you at least pause a little. The line, "Warning!!! Email owner that refuses to update his or her Email, within Seven days of receiving this warning will lose his or her Email permanently" has psychological leverage with even the toughest of us. The interviewer on the NY Times podcasts asked her guests, "How can we still fall for these things?" One answer given is that there are over 100 million new Internet users every year. In the "bad guys'" eyes, that's 100 million new suckers born every year. I think we're probably all born suckers, that is, until someone schools us in ways to not be. This is not really about technology at all. It's about becoming "street smart." It's about becoming literate. If we just leave it to chance and hope that our students get the skills they need to avoid scams then clearly we're doing them a disservice. Part of preparing them for their future well-being is showing them actual scams, have them analyze how scams work, how to verify information, where to go for help. It has to become part of the curriculum --- and not just confined to Technology class. Some sources to start educating yourself/your students with are:
- iSafe.org (offers an intensive curriculum and training and has an excellent unit on Phishing and scams)
- FBI: New E-Scams and Warnings
- Snopes.com (a site many use to verify viruses and scams)
- Scamdex (use email from their HUGE archive of scam-mail to offer your students a "SPAM of the week" to analyze).
- Federal Trade Commission: Spam
- Hoax-Slayer (latest scams and hoaxes; move over Buffy!)
Please add to the list of resources in the comments section. And remember: your bank, your Internet provider, Amazon, PayPal, the government, etc. will NEVER send you an email asking you for your password.