Wednesday, August 27, 2008

Phishing for Gullible Geeks

Four days ago I wrote an article called "Comcast Hell".

It was as long, and as difficult to read, as a Melville novel.

Moby Dick:
This was a long, convoluted story of my attempts to resolve a billing problem with my Internet Provider, Comcast. (Note: no, it has not yet been resolved to my satisfaction. I estimate it will take 45 to 60 days to get all of the billing issues resolved. Perhaps as much as 90 days, if the Comcast Service Representative didn't actually do all the things s/he said s/he did.)

After I published the article I read it. I thought "That's a lot of whining for one post, even for a Geek! I ought to just delete it. But it's late, I'll sleep on it first." (Not the first time I've had that thought, and from time to time I have acted on it. You may not have noticed. That suggests that it's usually a good decision.)

However, I didn't. Call it Sloth. Call me Ishmael.
__________________________________________

The Phisher:
A couple of days later at 6:13 am, someone who represented himself as a Comcast employee posted a comment offering to help.

All I had to do, he said, was to email him my phone number, and my Mother's phone number.

The return email address he provided was "cable.comcast.com". (Which, according to Whois.com, is not a properly formatted domain name. But email routers often have extensions like this.)
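As an added illustration (not part of the original post), here is the kind of check a suspicious Geek can run on a claimed sender address before replying: parse the domain part, reject malformed hostnames, and accept only the organization's real domain or a subdomain of it, so lookalikes such as comcast.com.example or comcast-support.com are flagged. The allowlist and the sample addresses are constructed for this example; "cable.comcast.com" is the format quoted above. Note that a subdomain in the right parent domain passes a syntactic check, which is exactly why the check below is only a first filter and the out-of-band verification described later in the post (contacting the company directly) is what actually settles it.

```python
import re

# Constructed allowlist: the registrable domains the organization actually
# sends mail from. In practice you would build this from the company's own
# published contact information, not from the suspicious message.
TRUSTED_DOMAINS = {"comcast.com"}

# A well-formed hostname label: letters, digits and hyphens, 1-63 chars,
# no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_sender_domain(address: str):
    """Return the lowercase domain part of an e-mail address, or None if the
    address lacks exactly one '@', has an empty local part, or its domain is
    not a well-formed hostname with at least two labels."""
    if address.count("@") != 1:
        return None
    local, domain = address.rsplit("@", 1)
    if not local:
        return None
    domain = domain.strip().rstrip(".").lower()
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    return domain


def domain_belongs_to(domain: str, trusted) -> bool:
    """True only if `domain` is exactly a trusted domain or a subdomain of one.
    endswith('.' + t) is what stops comcast.com.example or comcast-support.com
    from matching comcast.com."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def classify_sender(address: str, trusted=TRUSTED_DOMAINS) -> str:
    """Classify a claimed sender as 'malformed', 'lookalike' or 'plausible'.
    'plausible' only means the domain is the organization's own; it does not
    prove the message is genuine, which still needs out-of-band confirmation."""
    domain = parse_sender_domain(address)
    if domain is None:
        return "malformed"
    if domain_belongs_to(domain, trusted):
        return "plausible"
    return "lookalike"


if __name__ == "__main__":
    # Constructed sample addresses, including the subdomain form quoted in the post.
    samples = [
        "support@cable.comcast.com",
        "help@comcast.com.example",
        "billing@comcast-support.com",
        "agent@comcast.com",
        "noatsign",
    ]
    for addr in samples:
        print(f"{addr:32} -> {classify_sender(addr)}")
```

A "lookalike" verdict is a reason to stop and verify through a channel you already trust; a "plausible" verdict is not a reason to skip that step.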

The guy must not know me for the cynical, suspicious Geek that I am. The idea that I would send personal information to a stranger from a strange land is just something that I cannot Grok.

How did this purportedly concerned Comcast employee know that I had a problem with Comcast? Comcast knows me by my Primary User Name, which is certainly not public knowledge ... certainly not something which is available to someone who knows me by Blog. Of course, he didn't know that for sure. But with a phone number, and an email address, it may be possible to access a commercial account and (if you're a fast talker) convince the CSR to allow you access by, among other things, resetting the password.

Given the Primary User Name, and a password, the amount of damage is literally incalculable. It depends upon their skill as a Hacker.

So I didn't send him any phone numbers. Instead, I replied to the email address and told him that if he was Legit, he could look up the company records and contact me by a more secure method.

This was, of course, an attempt to get HIM to reveal more about himself.

In the meantime, I contacted Comcast and described the situation. I contacted the Help Desk, and also the Vice President in charge of Operations. I asked them to vet this person, if they could; I also asked them to tell me if they had ANY idea who that person was.

I've received a reply from Comcast (not with the same "cable.comcast.com" email format, by the way) stating that they had nobody like that anywhere in their organization. They advised me to reject any requests from that source.

That was easy to do. All I had to do was to accept that he was Phishing for information which would allow him to steal from me, and not respond as he had requested.
_________________________________________

The White Whale

The reason I'm boring you with all this is to impart a message:

If you use the Internet, someday somebody may come up to you and say: "Just give me your personal contact information, and I will solve all of your problems. If I am lying, may the Jack of Diamonds jump up onto your shoulder and piss in your ear."

Friends, resist the natural inclination to believe in this person. As sure as you do, you will end up with wet ears.

If you find yourself with yellow ear-wax, what can you do?

Consider the scene in "True Grit", where Rooster Cogburn discovers that he is sharing his domicile and his dinner with a large, gray Rat. First he tries Legal recourse:

"Mr. Rat, I have a writ here says you're to stop eating Chin Lee's cornmeal forthwith. Now it's a rat writ, writ for a rat, and this is lawful service of the same. See, doesn't pay any attention to me."

When that doesn't work, he shoots the rat.

That's the best way to deal with a Phisher, too.

Tell them that you heard it here, first.
