Heading 1

Legal BlackBook

TM

OCTOBER 2018
NOBODY WOULD TRY TO CYBERSCAM A CYBERINSECURITY EDITOR, WOULD THEY?
They would. And they did.
By David Hechler
A WEIRD MESSAGE kept popping up on my screen. It was requesting my password, and it appeared to be from Apple. Why did they want my password? Apple wanted to make changes, the message said. Hmmm.
     What changes exactly? That’s what I wanted to ask Apple. The message did not appear when I was trying to download software. Or trying to buy music on iTunes. Or doing anything that should have required my password.
     In fact, there was no discernable pattern at all. One morning it popped up when I was about to check my email. Another time I was reading an article posted by The New Yorker. That time I thought to snap the screenshot I’ve posted here.
     There were times when I thought about typing in my password. My laptop doesn’t always performing perfectly. Sometimes I report problems. Without thinking about it too deeply, I entertained the possibility that Apple’s robot had diagnosed the problem and was ready to make a quick fix.
     The message didn’t visit every day. But it seemed to show up at a minimum of every other day. And sometimes it appeared more than once a day. Each time, after staring at it for a few seconds, I hit the cancel button. I had to cancel it three times before it went away. But it always obeyed the third command. So it was only a small annoyance.
     After about a week of this, it started to bother me. I checked to see if there were software updates pending. Nope. I tried to find some sort of scam alert, but nothing turned up. So I took a photograph of the message with my phone, and I walked down to the Apple Store that’s only a few blocks away. Foolishly, I hadn’t bothered to bring my laptop, so I made an appointment and returned a few days later.
     It was a scam all right. Jennifer at the Apple Store suggested that I download a trial version of Malwarebytes, which I did. In minutes the program found evidence of malware. In seconds it was all gone. There has been no sign of the message since.
     So, thankfully, I did not have to write the headline: Cyber Editor Cyberscammed! I hope I never do.  
     Eventually I did find a website that mentioned this scam. It’s good to know that someone was on it. As many people as there are trying to scam us, there are plenty of others just trying to help us.
     So what did I learn?  My instincts were right.  From the first time it appeared, it didn’t feel right. But I can’t say I wasn’t susceptible.
     The vague ideas that were floating in my mind when I was thinking of typing my password weren’t as articulate as what I wrote above. That’s just my best approximation. But those inarticulate impulses and inchoate thoughts are what can be so dangerous. You can let down your guard without a clear reason. Maybe you’re just tired of canceling it out, so you give in. Or maybe you’re distracted, and thinking about something more important, so without even realizing what you’re doing, it just happens.
     These are undoubtedly the moments hackers count on. This is why so many cyberattacks can be traced back to someone sitting at an office desk and clicking on something that looks like something else.
     Even if you know the drill, and read about the pitfalls all the time, you can still make a mistake. In this case, I think my three best defenses were vigilance, patience and mindfulness.
     I was suspicious. I’ve learned that this is a useful posture. I took the time to deal with this without getting jumpy. I searched around for more information. I slowly came to the conclusion that it was a threat that warranted a trip to see the professionals. And I gathered information (like the photo and the backstory) that helped Jennifer suggest a solution.
     Those were the good things I did. I also figured out how I probably acquired the malware. And that story casts me in a somewhat different light.
     A couple of months ago I was searching for software that can automatically transcribe audio recordings. I found sites on the Internet that promised free software. And everything about them was sketchy.
     But I’d been looking for a while, trying to figure out which ones might actually work for me, and I got impatient. So I downloaded one from a company I knew nothing about. I did no checking on it. I knew this wasn’t a good idea. And soon after I had the proof. One of those annoying Mac Cleaner programs began popping up. I managed to get rid of it, but I bet that was when I was infected. I recounted this story to Jennifer, and she agreed.
     I see this as further confirmation that patience, vigilance and mindfulness are our friends. When I was impatient, lax and impulsive, I was vulnerable. And that quickly got me into trouble.
     And I don’t have to tell you that when you’re on the internet, trouble is never more than a few clicks away.