DOWN SOUTH
Gone phishing
Someone went phishing and landed me. At first, I wasn’t unduly alarmed as I don’t purchase from the net. In fact, I don’t even have a credit card.
I hadn’t had much computer time for a couple of weeks because I was busy with stuff and was experiencing intermittent migraines. But on the afternoon of August 31, I took time to write my column. I could not, however, log onto my email, so I went to the MindaNews office and had the file transferred from my usb. I texted Carol about it.
Ten minutes later, Carol texted me back: “Your gmail’s been hacked. You are in England and you’re asking for usd2,500 to pay your hotel.”
“Wowie,” I replied. “What to do? Write off? I can’t get it back?”
“Don’t know. Karl could not access his email.”
She’s referring to Redemptorist brother Karl Gaspar who, according to my help, got on the radio to tell people not to send money as requested by the hacker who took over his email address some months ago.
I tried logging on again, but my email address wouldn’t accept my password. Fullhouse. Like in pusoy. Darn my socks, I kinda liked the name recall to that.
I clicked “Couldn’t access your email?” and filed a notice on the belief that “My account has been compromised.” All the while, my phone kept beeping and calls kept coming telling me my email had been hacked.
I had gotten the hoax on my mindanews email, too. The hacker’s message was flagged urgent. Topic said “Please help me!” It tells about me losing my wallet in England and needing a loan to clear up the mess. It was signed Rosa.
All through the night, my cellphone kept coughing (my text alert) and ringing. I barely slept the night. A friend in Europe asked which hotel in England I needed to be bailed out from. My siblings weren’t spared, too. Their mistahs and our family friends who couldn’t get to me tried to get through them to confirm whether I really was in England or to pass on advice about my email address sending out a hoax.
The morning wasn’t any better. I had it up to here with people quipping, “Oh, you’re back from Europe already?”
Froi Gallardo, that investigative journalist/war correspondent par excellence, caught on. The required denomination was a dead giveaway, he said. He advised the cooperative that the Gail he knew only recognized “pesoses”.
My brother who has had too much crazy California sun joked that if a bobby caught me jaywalking in Soho, I could probably get off by saying, “In our country, red means go!”
Bong Eliab emailed me at mindanews.com to say he’d send money if this question was correctly answered: Who was seated next to Gail Ilagan at the NBDB meeting?
Ronnie Go texted “I really hope the virus did not damage my new mac.”
Depressed and distracted, I texted Dodoy to defer lomi night. He texted back, “Sige. Pahuway anay. Long trip from England. You must be tired.”
Aaaargh.
By noon, a notice from gmail support came in on my mindanews inbox. Since I am not very internet savvy, it took me a while to work out the instructions to reset my gmail password.
The meanie trashed my address book! I couldn’t send out a blanket all clear. I settled for texting as many contacts as I could and asked them to spread the word. I thought that would be the end of it.
I thought wrong.
The next day, I was still fielding calls and text messages on account of Rosa. Finally, I got one from a former student who said she’d tried to call several times, but since my phone was off every time, she figured I really was in England. She told me that she had received just that minute a reply to her query about the SOS. I asked her to forward the exchange to my mindanews email
This was funny. My student asked, “Ma’m Gail? This does not sound like you. Why are you signing as Rosa?” To which the hacker, now replying from gail.ilegan@gmail.com replied “I asked Rosa to email in my behalf. Please, can you help me?” The signature below said “Ma’m Gail.”
Wow. Interactive intelligence. And the phisher had a bounce. My student did not see gail.ilegan on the sender until I pointed it out to her. She just saw her original query threaded to the reply and assumed that the reply was coming from the email address she sent it to. The bounce explained why I wasn’t getting any incoming email since I’d reset my password.
I disabled the bounce and wrote gmail support to report the scam being ran through the gail.ilegan address. Gmail support replied with a form email saying that they could not entertain my concern unless I reported it through a questionnaire that could be found by clicking the link provided.
Oh, baby, not again. Not another questionnaire asking the wrong questions, puh-leeze!
I racked my neurons for a curse that would survive sending through the net. I had to think long and hard. You see, I use my curses sparingly, but you’ve got to admit this hacker had it coming. Finally, when I was satisfied that the curse would be strong enough to rip the hacker’s bowels through his sides. I sent it to gail.ilegan… and on to empty air. Permanent fatal error. Gmail had shut down his unsavory operations while I was plotting his destruction.
Ah, well. Just as well.
Think that was the end of it?
Oh, not quite.
Late afternoon the next day, I got a call from Dr. Vicky Lupase, the research director of Davao Medical School. She said she’d replied to the SOS and was given instructions to send money by Western Union. Boy, was she glad to finally reach me. She’d been calling my old number for two days already. She was worried because I supposedly replied that I did not have my husband with me and had nobody to turn to in England.
Scary. I only take money when I’ve delivered so I never knew people would be willing to send me money in advance. My PhD classmates were passing the hat. My former students were getting together to mount an operation to rescue me. I am humbled by the concern this impersonal malice had caused people who cared about my safety.
Moral of the story? Never give out your password, even if it’s gmail support asking and threatening to permanently shut down your work email if you don’t reply within the week. Trust me that gmail support won’t ask for your password. They’ll ask when you opened your account, who invited you and what you named the dog that died seven years ago, but they won’t ask about your password.
It’ll be a while yet that I’ll worry about someone among my contacts getting suckered because, as I’ve discovered, not everyone can recognize a hoax email when he sees it. There are people who would not find it inane to ask, “Gail??? I did not know your real name is Rosa! Is this really you?!!”
We are deceived when we express such readiness to believe. And sometimes, it’s just about the odds that a bad day could get worse.
(Gail Ilagan is a clinical psychologist on the faculty of the Ateneo de Davao University where she is the editor of both the Tambara University Journal and the Research Journal for the Graduate School of Arts and Sciences.)