Just like we change the batteries in our smoke detectors annually, so should we change all our passwords
“There’s a sucker born every minute,” 19th-century showman P.T. Barnum reportedly said. In fact, the notion predates Barnum – and is just as applicable in the modern era.
Con artists take advantage of our default desire to trust. They know how to manipulate people into doing something that under normal circumstances they should be wary of.
It was once the travelling ‘doctor’ selling cure-all medicine. Now it’s the infamous Nigerian prince scam or a once-in-a-lifetime real estate investment.
Most of us don’t fall for these scams but some still do. It only takes a few people to respond to the thousands of lines cast to make it worth the effort for the con artist.
Today’s scams almost seem dull compared to the creative ones of yesteryear, but that’s not because today’s scammers aren’t as smart. They just know it’s a numbers game.
Snake oil salesman, travelling between small towns by horse-drawn cart, only had access to a few hundred people a month. The conversion rate had to be great to draw a decent income.
In the modern era, you can legally buy an email list for $150 to $350 per thousand people – and there are less expensive ways to get email lists illegally.
But some modern scams are still creative. I recently received an email in which the sender claimed they had hacked my email address, then infected my phone, computer, tablet and other electronic devices connected to the Internet. They sender claimed that the fact they’d emailed me from my own email address was proof. They included my email password to further cement their claims.
They claimed they had downloaded all the contacts from my phone. They claimed they had monitored my Internet access and captured pornographic images of me. “We will send these images to everyone on your contact list in 72 hours if you do not send us $800 in crypto currency to this account,” they threatened.
The password included was a password I use on low-security websites. It was not my email password. An average programmer could build a spam-generating email tool in an afternoon and fill out the email/password pairs from a hack list from some low-security site.
What can be done about this con?
The government has a variety of regulations to safeguard us and I’m not sure more laws will have an impact. We don’t seem to increase catch-and-conviction rates for the perpetrators, in great part because it’s difficult to prosecute someone in a foreign nation.
In fact, the best solution is personal: we must take precautions, being careful in who we trust and how we use technology. Here’s the oft-repeated basic list of precautions:
- I’ve heard it said that you should have a different password for every login. That would be more secure but it isn’t practical for most people. I’d suggest you have several passwords that you use regularly, including a high-security one that you only use on your computer or email, and one that you use on all other sites that you consider of significant risk. Then if a password is compromised, it will only affect one group of accounts.
- Just like we change the batteries in our smoke detectors annually, so should we change all our passwords.
- If you use a Wi-Fi router that you bought at a retail outlet, change the default password.
- Install virus protection on your computer, tablet and phone.
- If you receive an email or text from someone you don’t know (or even someone you know who you weren’t expecting to hear from), don’t click on any links in the message.
Every con is based on the gullibility of the victim, regardless of the technology being used. When something comes your way, stop and think: How likely is this to be true?
Being cautious could save you thousands of dollars and a big headache.
By Eamonn Brosnan
Eamonn Brosnan is a research associate with Frontier Centre for Public Policy.