Saturday, March 23, 2024

A Bad Week For Security

Last week was a bad one, at least for my discretionary (aka writing) time. 

As writers, we are under pressure to promote, which means populating social media sites, making lots of friends, supplying bio material for widespread publication in our books' back matter. All this information sometimes means that the answers to poorly-chosen (and one does not always get a choice of the questions) security questions could be extrapolated...assuming that the original answers were truthful.

The trouble with secret lies is that they are not easy to remember. One needs to keep an imaginary-family tree taped to the back of one's desktop, maybe, populated with imaginary cousins and grandparents, first born children with middle names, imaginary best men and bridesmaids, wedding and honeymoon destinations, street names, first car makes and models and so forth.

If everyone did that, would-be identity thieves would have less reason to bother with Facebook or LinkedIn, because even if they discovered the true information there, it would not answer bank security questions.

Back to the tale of woes from last week. By email, I received log-in security codes that I had not requested from three social networking sites that I have not visited in years.

I also received a call from a house cleaner whom I was not expecting, telling me that she would be late for an appointment that I had not made, facilitated by a site with whom I had fulfilled my six-month contract a month ago and cancelled renewal. To cancel the appointment to which I had not agreed might have cost me well over $100.

Two banks, a brokerage house, and a professional organization sent me warnings about scams of various sorts.  Happily, those were generic, unlike the alerts from the five or six separate identity-theft-protection vendors to which I subscribe.

My caller ID showed me that some of the spam calls that came in with their tell-tale whoosh noises during the week claimed to be from a former employer. I tried to return one of those calls, unfortunately. I also gave a carefully worded piece of my mind to the fifth caller in one day who claimed to represent my television company, but could not name the company that provides my visual entertainment.

I've had to file a fraud report, close down a credit card, log in to sites I don't like to visit in order to change multiple passwords, and change credit card auto-pay information.

The one ray of sunshine was that a lawyer pointed me to an entertaining Forbes article: 

I've also gleaned some tips, many of them obvious.

If there are financial sites that you visit, bookmark them or use your History. It's best to avoid looking for a link online, especially a "sponsored link", because bad actors can buy a sponsored link and redirect the unwitting to a spoofed site. What's more, "sponsored" links tend to show up higher on the search page than legitimate ones.

However, if you must search and click, before you log in (and perhaps expose your user name and password to a villain), check the Home Page and see whether or not the site has a Privacy Policy. 

It used to be the case that spoofers and scammers could be relied upon to misspell something or to use bad grammar. Alas, AI helps the bad and the good. Nevertheless, a URL to a fake site might contain odd domain extensions. Pay attention to the faint print in your page-bar.

Be suspicious if the site does not take you to what you expect to see, and you are asked to call a telephone number shown on the screen. Call the number on your statements, or at least verify the publicly listed number for the business; do not use the number on the screen.

Some of the AI bots that answer telephones for reputable sites will ask you to identify yourself by typing in your user name and password (using the numbers on the keypad). Don't do that. Don't agree to voice recognition, either. Sometimes, the bots will want to use voice recognition without your consent, and if you are prone to sinus infections or laryngitis, this will be a problem.

Only download software when you know that you are on the legitimate site you expect to be on, and if you have satisfied all the multi-factor authentication "hurdles" that you have set up.

A moderately sophisticated crook can deceive email or phone systems. We used to be upset when a call from a telemarketer appeared to come from our own name, or the "From" line in an email spam was one's own name. These days, they could write in the name of a loved one, or an employer, or one's bank, or even one's doctor. So, if "your bank" emails or texts you and asks you to transfer funds, don't respond in the most immediate and convenient way.

Never feel pressured to act immediately when someone asks for money or information.

Don't forget, those "Hello, Grandma," phone calls still happen, but nowadays, with AI and deep fakes, your car-crashing grandson might actually sound like your living relative.

Finally, readers are being scammed on Amazon, and no doubt on other reputable and technically impressive sites where books can be published without human-to-human interaction.

According to the Authors Guild, when a well-publicized book is about to be released for sale, scammers call on AI to create artificially written versions, or "summaries", or "companion books" referencing the same title and author name but with low-quality fake content.

Authors of memoirs and autobiographies are recent victims of AI, where the original work is copied, recycled, rewritten with the same facts expressed in synonyms. In other words, it is plagiarized. It is obviously not fair use, and because it is AI, it cannot be copyrighted, but that does not stop the nuisance, the reputational harm, and financial harm to readers, authors, booksellers, and everyone else in publishing.

All the best,

Rowena Cherry


  1. I recently received one of those "grandchild" calls, my first and so far only. When I answered, a male voice addressed me as "Grandma." Since we have nine grandchildren, most of them boys/men, I asked who was speaking. (One clue: They don't call me "Grandma.") He said, "Your grandson." I asked which one. He told me to guess. I said (quite truthfully) that I'm terrible at recognizing voices over the phone -- at least twice I've mistaken one of our grandsons for his father -- and asked the caller to save time by just telling me who he was. He hung up. Problem solved! :)

    1. I'm glad you all didn't fall for that -- I have wondered in the past if you would have received any attempts, and I don't know if Dad would have been so discerning as to test for a scam.

    2. I think he would at least have asked "which grandson?" since we have so many.

  2. Rowena Cherry 4:12 PM EDT

    Margaret, I love that tip. When I get spammers telling me they represent my internet company, I ask them "Which internet company?" I may have said that in my post.

    Today I got an email purporting to be from an internet provider, informing me that my billing information was wrong, payment had been declined, etc., etc. I noticed that the sender link was from a federal employee of Blue Cross. As we know, Blue Cross was hacked and apparently fraudsters are still using their site for emails!

    I reported them to the IRS.