Stories 6-8

Story No.6 Screen names

Passwords are the most private asset of your internet portfolio, while usernames are very much public.  They are both valuable. As the human interaction gets more and more wired in, it is more often to get to know someone from their web IDs before actually meeting in person.  So here is the question: how would you choose your screen name?

I won’t provide any advice because it is really a personal choice. But I will share some examples and my thoughts.  (All the following cases are not real. Any similarity is purely coincidental.)

Subconsciously, one chooses a screen name based on his/her reflection of his/her personality, or at least his/her imaginary personality. For example, when an employer sees someone has an email address such as mostlyharmful@email.comon the resume, the likelihood of admiration is rather slim despite the funny bit.  

It is amazing sometimes to see how your username reveals your personal information. Say if I see a user ID to be something like Mary1980,it does save me a lot of time asking the age of the lady which is supposed to be a secret.

Unlike your passwords that shall be as different as possible on each website, it is convenient for you and for others to keep your screen names as consistent as possible. Steve Jobs has a famous saying: “Stay hungry,stay foolish”. While you are creating your screen names, “Choose meaningful,choose wisely”.

Story No. 7 Go Phishing

When we talked about protecting your passwords, we mentioned the “phishing” attack. Yes, it’s pronounced the same way as “fishing”. While our friendly neighbour Korean may disagree, I believe this attack method was invented by Jiang Ziya, who is famous for fishing with a bar bless hook.

The phishing attack can be so easy and effective that it is used so often.  For instance, the phishing hook can be an SMS message saying it is from the police and your relative needs money in Shenzhen to settle a case, or an email from your Nigerian sibling claiming he inherited a great amount of money but needs your help. It is so widely used also because it really attacks the human weakness; and by taking advantage of the technology, it can be more explosive.

To elaborate with a real-world example, the famous computer and security company RSA Security (NASDAQ: RSAS) has been a victim of hacking in2011. The attack method was quite sophisticated which slipped through the noseof multiple defence layers. However, notably it was all started with a phishingemail. This incident made history easily not only because it breached thecyber-criminal fighter but also because the figure the company had to spend tofix its problem and its reputation amongst its more famous clients.

For more details:

http://www.wired.com/threatlevel/2011/03/rsa-hacked/

http://www.wired.com/threatlevel/2011/08/how-rsa-got-hacked/

Story No. 8 Continue Phishing

Officially, “Phishing is the act of attempting to acquire information
such as usernames, passwords, and credit card details (and sometimes,
indirectly, money) by masquerading as a trustworthy entity in an
electronic communication.”

Basically, phishing attacks consist of two essential steps: 1) try to
establish a communication and pretend to be from a trustworthy entity;
2) ask for the sensitive information or money that the current
operation is not required.

Hackers are working very hard to tackle the first point, and rely on
the carelessness of a user on the second. For a normal user, there is
a checklist of questions:

1.       Have I given my contact to the other party before? Do I have
an account with this website/company? Does the other party present a
valid identity match the purpose of the communication?

2.       Am I being correctly addressed in the communication?

3.       Does any website link, bank account look valid and verified,
or at least familiar?

4.       Are there misspelling and typos? How is the grammar and is
the tone appropriate?

5.       Am I being promised a lot of money for little or no effort on
my part? Or to provide money up front for questionable activities or
processes?

There is another important thing that you could do: Report the
phishing scam that you encountered. This can increase the public
awareness of the scheme. This can help eliminate the possibility of
other people falling into the same trap. phishing scam that you
encountered. This can increase the public awareness of the scheme.
This can help eliminate the possibility of other people falling into
the same trap.