If Cory Doctorow can get phished, what hope is there for the rest of us?

David Heath
Saturday, 08 May 2010 00:08

Your IT - Entertainment

As well as a very well-known science fiction writer, Cory Doctorow is generally regarded as a smart lad.  But even smart lads can get phished.

There's no point in re-telling the entire tale, but to summarise what happened; due to a cascade of seemingly unrelated events, Cory Doctorow was duped into entering his Twitter password into a bogus twitter look-alike site via his smartphone.

The events? 

1. He upgraded the OS on his smartphone the day before.

2. Whether related or accidental, he deleted the password store as part of the upgrade.

3. He was in a rush and received a tweet supposedly from an old friend which included a shortened URL.

4. The expanded URL *seemed* to be the Twitter login page.  Due to the limited space on the smartphone (the specific phone is irrelevant here), the URL seemed to be OK.  Unfortunately, it wasn't.

Having quickly realised his error, Doctorow then spent a LOT of time changing a lot of passwords.  Very fortunately for him, the error was realised very quickly.

The lesson?  It's very simple, don't be smug.  There's absolutely no reason a similar sequence of events couldn't affect any of us.

To quote Cory Doctorow, 'I don't have a solution, but at least I have a better understanding of the problem.  Falling victim to a scam isn't just a matter of not being wise to the ways of the world: it's a matter of being caught out in a moment of distraction and of unlikely circumstance.'

Aye, there's the rub.