Archive for the ‘Life’ Category

Anatomy of an Identity Theft Email Scam

Posted by on September 3rd, 2010

Got this email in my inbox this morning, and at first blush it looks pretty convincing.

So the important question is, how do you know if it’s real or not?  There’s no single point of failure here, an element that says it’s a scam for sure, but let’s look at a non-exhaustive list of what’s wrong with this email.

Which Inbox

First look at your own inbox.  Is this the email address that your bank has on file?  Is this where they usually send their email?

In this case, the answer is no.  I don’t use my hotmail account for any mail that I actually want to receive, so this email is showing up in the wrong place.

Why did they use my hotmail account this time?

Who Is It?

Do you even have an account with this company?  If so, check who the email is actually from.  Not the friendly name, but the actual email address.  Is this the address that your bank sends email from?

I do have a Chase account, and the email address even looks good, but email addresses can easily be spoofed when sending so it looks like it’s coming from a different place than it actually is.

The Language of Fear

If you read through the email, your first reaction is probably one of fear.  Oh No!  Somebody has been trying to hack my account.  Communications from your own bank will never have this underlying tone of fear.

And if they’re that worried about it, they’ll send you mail, even if you’re on paperless statements.  They might even call you, that’s what my credit card company does.

Why is the bank trying to scare me like this?

Second Language

If this was really your bank, they’ve got templatized email to send to someone when something goes wrong, and you can bet that it’s been scrubbed over by linguists to make sure that every word is in place and used properly.

If the sentences sound like they were written by someone who doesn’t speak English very well, it was probably written by someone who doesn’t speak English very well.  Your bank speaks English.  I promise.

Something is definitely fishy here.

Logical Flaws

My account at Chase has apparently been disabled, so what am I supposed to do to unlock it?  Go to www.chase.com and log in immediately.  Wait a minute, if my account has been disabled, how am I supposed to access it?

Links

Most browsers have a feature where, when you hover over a link, the destination is shown in the lower right corner of your browser.  This is where the kicker for this particular scam is revealed.  I’m supposed to go to www.chase.com, but that link actually takes me to rotarylamarsa.org.  Huh?

Secure Communication

Now let’s say that I actually click on that link.  It takes me to rotarylamarsa.org where they have essentially ripped off Chase’s website, and it’s a pretty good ripoff.  The form on that page asks me to enter some personal information.  Before you ever, ever do this, look at the URL.  The very front part says http:// or it says https://.  The ‘s’ means it’s secure: encrypted from your browser all the way to the server.

There are methods to beat the encryption, but it’s difficult and most scammers don’t have the resources to do something like that.  If the ‘s’ is not there, never put in any personal information and never ever put in a credit card number.

What Do They Want?

Now here on the rotarylamarsa.org site that looks a lot like www.chase.com there’s a form to fill out.  What does it want?  Well it wants my username, password, name, address, city, state, zip, email address, email password, account number, credit card number, CVV2 number (the credit card security number), ATM pin, social security number, mother’s maiden name, and date of birth.

Wait, what?!

Some of these things you could make a case for.  Likely your financial agency already knows most of these things about you, but they’re not going to ask you for them on a non-secure site and all in one place.  And why do they want your email password?  Don’t they already know your account number and your credit card number?  What does my home address have to do with this?

What Should You Do?

So what should you do about this?  Use common sense.  And if you don’t want to, then the other answer is don’t click on links in your email, even if it looks like it’s coming from someone you know.

Even if I had been fooled by this email, if I had gone to chase.com instead of clicking the link in the email, I would have been just fine.  I would have logged into my account just fine.  I’d have been completely fooled by the scam, but my identity would still be mine.

Facebook is not run by philanthropists intent on providing a valuable service to the world by helping them keep in contact with people they know (or don’t know as the case may be).  It is run by businessmen who are making money in various ways that include selling advertising and personalization.

Not that there is anything inherently wrong with making money (I like to do that myself), but it does have an impact on how Facebook runs, and you should be aware of the ramifications.  Facebook was initially built on the foundation of privacy and a small group of your friends.  Over time, as the number of users grew and Facebook realized the power of what they’d built (they are now the most visited website on the Internet), they began to leverage their size in ways that required people’s profile information and activity to be more public.  If you haven’t looked at your privacy settings lately, you’re probably sharing with a much larger crowd than you anticipated.  See here for a vivid little demonstration of how Facebook has become more public over time.

Example #1

Every time you update your status, the contents are piped straight to all the major search engines, where search engines do what they do best: they index it and make it findable for anyone who types in related keywords.  In other words, the whole world can see what you write on Facebook, unless you’ve explicitly set your privacy settings to disallow this.  Explicit is the key word here, you can control all these settings, but now you have to set them manually to keep your information private, whereas before it was the default setting.

Example #2

You know all that information you put into your public profile?  Your name, hometown, likes, interests, musical preferences, favorite movies, favorite TV shows, etc?  Yeah, all that information is used to construct a demographic picture of you so that Facebook can target advertisements to you (I’m fine with that), but if you’re signed into Facebook and visit another site while still signed in, that site can also potentially see all the information in your profile.  This allows the site to personalize its interface to you, which is powerful and actually pretty neat, but it allows a lot of other things too, and you should consciously be making the decision about whether the risk is worth the reward.

What’s Happening?

Keep in mind this is serious enough stuff that members of the US Senate are writing letters to Facebook’s leadership warning that the FTC may get involved if certain concerns aren’t addressed satisfactorily.

So for those who don’t follow tech news, if you don’t know what I mean when I talk about the Open Graph API or Instant Personalization (these are both Facebook “features”), I’ll almost guarantee that you are sharing much more publicly than you thought you were.  Maybe that’s OK with you, but you should be aware of what you’re doing.  “Knowledge is power” and all that.

So What?

I’m not advocating a Facebook boycott like many in the tech world are doing.  Facebook provides a valuable service that I enjoy.  I am, however, advocating that you know the cost of the service that Facebook provides, even though that cost is not measured in dollars.

If you decide that you don’t want to share your details with the world and the rest of the web, Business Insider put together a handy little guide for putting Facebook on a “Privacy Lockdown”.  The guide will tell you to put everything to “Only Friends”.  You can choose your own level of comfort; I have most of mine set at “Friends of Friends”.

Weighted Companion Cube-o-lantern

Posted by on October 28th, 2009

I’m not the most creative person in the world, but every once in a while I try. We were carving pumpkins for family night on Monday and I was trying to think of something besides the regular old triangle-nose-smiley-face-with-two-teeth pumpkin. Alison suggested I do the cube. She was referring to the weighted companion cube from a game called Portal in which you weave your way through levels of physics puzzles with your portal gun and anything else that comes to hand.

The weighted companion cube is one of the objects you use to get through one of the later levels and has a hilarious back-story to it. Anyway, here’s what the cube looks like.

companion_cube.jpg

And here’s my initial drawing on paper (Mr. Turner my 7th grade art teacher who often caught me tracing should be proud).

draft-cube.jpg

Here it is on the pumpkin after cutting the outline. Pretty happy with it at this point.

cutout-cube.jpg

And the finished product. Not quite as impressive as I’d hoped, but maybe someone out there can appreciate it.

cube-o-lantern.jpg

Twitter: A Primer on the Madness

Posted by on September 24th, 2009

Call me a sellout (I’m ashamed already), but I have it on pretty good authority that in order to be a good blogger, you need to be on Twitter. Now that I’m taking this blogging thing a little more seriously (on the Omniture Blog), I went ahead and made an account.

The straight facts? It is a pretty good way to spread the word to a crowd of people with a certain interest, though it is annoyingly freeform and completely lacking in structure. Keeping track of a single conversation is next to impossible unless you happen to be following all participants, and even then it’s tough.

The Basics

Essentially Twitter is like Facebook status updates, with the limitation that it cannot be more than 140 characters. To get a feel for what it’s like, imagine broadcast radio mixed with TXTing abbreviations and the collective intelligence level of a 5-year-old with a bullhorn.

The @ symbol is used to direct messages to specific people, the # symbol is used to denote that your tweet has to do with a specific topic, and RT means retweet – essentially someone is repeating another person’s comment. When you follow someone, their tweets will show up in your stream, unless they’re replying to a specific person that you’re not following.

Why Do Intelligent People Who Value Their Time Do This?

It’s a fair question. The signal-to-noise ratio is ridiculous and without care, you can waste your life reading the world’s largest collection of nonsense.

Where I think the real (perhaps only real) value lies is in the hashtag (#). Communities of people form around particular hashtags, and whenever they say something about that particular topic, they’ll use the tag. Anytime someone uses that tag, it’ll show up in your stream. An example: a web analytics community has formed around the #measure hashtag, so they’ll put that somewhere in their tweets about web analytics, and anyone who’s interested can add those to their stream.

The problem with Twitter is that anybody can say anything, so the experience depends largely on the communities that you participate in and the relative intelligence level of the people that make up the community. I find it much easier to be part of the #measure community (web analytics) than, say, the Miley Cyrus community.

It’s Terrible, but I Can’t Look Away

If you’re interested in what’s happening on Twitter, but don’t want to participate (and who can blame you), I would recommend you take a look at http://friendsignal.com/ or http://trendistic.com/. FriendSignal makes a tag cloud of popular topics on Twitter which are links to pages that show you what everyone is saying about that topic. If you’re interested in seeing how a particular topic is trending over time, then check out Trendistic.

Bottom line: Twitter is not for everyone. I wish that my involvement wasn’t really needed, but I intend to make the best of it. By limiting the number of people and topics you follow it is possible to be a contributing member of a meaningful community. If you have trouble keeping up with your Facebook friends, then stay far away from Twitter.

If you’re getting into Twitter in any real way, then you’ll have to use an application of some kind to keep track of the madness. I was told that TweetDeck is the best and I’ve not been disappointed (it also does Facebook). They also have an iPhone app if that appeals to you.

Corporate Blogging

Posted by on September 9th, 2009

And the last piece that I was waiting for has fallen into place.  I’m now officially the newest member of the Omniture Blogging team.  Find my analytics related posts at http://blogs.omniture.com/author/brobison/.