Saturday, June 6, 2026

Online Cards, Invitations, Etc. - Just Don't!

The latest scam going around Old People Island is the fake Punchbowl invite.

We call it "Old People Island" as the average age here is (or was) 74 when we moved here in our virgin 40's.  Well, now we are the old people - has it been 20 years already?  It seems we measure our time from trash day to trash day (is this week recycle?) or by the monthly changeover to a new show at the gallery.  Right now, we are at the "sweet spot" where the weather isn't too hot and the tourists seem to have fled.  Evening buggy rides in the cool weather to watch the sunset are sublime.

Mark gets an e-mail with an "invitation" to a party through a third-party site called "Punchbowl" - yet another "silicon" valley startup idea that solves a "problem" no one has - how to invite people over to your house for drinks (I dunno, maybe call them?  Too obvious, I guess).  Anyway, it seems the invite was fake, even though the return address was from a friend of ours - the first sign it was a scam.

You see, if you stoop to using "Punchbowl" (why, dear God, why?) they will send out "invitations" to the people you select, but the return address for the invite will be from a Punchbowl e-mail server.  I mean, after all, if they used your actual e-mail address, the guests would simply hit "reply" instead of going through Punchbowl!  And we can't have that - people socially interacting without using some sort of social media intermediary.  The horror!

It was a pretty slick e-mail, which sounds hard to do, unless you have an ounce of computer savvy and realize that anyone can copy an html page and then paste it to their own website.  So it looked "legit" until you get to a page asking you to "login" to your e-mail by providing your username and password.  Sadly, many fall for this gambit, and now the "hackers" have all they need to log into your e-mail account, unless you have multi-factor authentication.

But even then, there are ways of "social engineering" that data - by sending another e-mail or text, saying they are the ones sending the code to "verify" you and would you please enter it now?  And sadly, people do just that - and the bad guys win.
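The return-address tell described above can be checked mechanically before anyone clicks. The following is an added example, not code from this blog or from Punchbowl: `invites.example` is a placeholder for the invitation service's real domain, and the message is a constructed sample.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SERVICE_DOMAIN = "invites.example"  # assumption: placeholder for the service's real domain

# Constructed sample message (not a real capture).
SAMPLE = """\
From: "Joe Smith" <joe.smith@mailhost.example>
To: mark@mailhost.example
Subject: You are invited!
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body><p>Joe invited you to a party.</p>
<a href="https://invites.example.party-rsvp.example/login">View invitation</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the host name of every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        host = urlsplit(href).hostname
        if tag == "a" and host:
            self.hosts.append(host.lower())

def on_domain(host, domain):
    # Exact or dot-suffix match only; a substring test would accept lookalike hosts.
    return host == domain or host.endswith("." + domain)

def triage_invite(raw, service_domain=SERVICE_DOMAIN):
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # A genuine invite is sent from the service's own mail server, not a friend's address.
    sender_host = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if not on_domain(sender_host, service_domain):
        findings.append(f"sender domain {sender_host} is not {service_domain}")
    # Every link in a genuine invite should lead back to the service itself.
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    findings += [f"link host {h} is not on {service_domain}"
                 for h in collector.hosts if not on_domain(h, service_domain)]
    return findings
```

An empty list only means neither tell fired; a From header can be forged, so a clean result is not proof the invite is genuine.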

Like any good virus, the first thing it wants to do is replicate.  So, once they have your login information, they log in, and then send the same fake "invitation" to everyone on your contacts list.  If even one in a hundred bite on the apple, well, the thing will spread like wildfire, globally.

But a virus isn't a virus unless it causes some sort of harm or damage or changes things, right?  What are they after other than a desire to spread?  Well, just harvesting valid e-mail addresses is one "win" for them, and knowing which targets are vulnerable (read: willing to fall for the scam in the first place) is also a win.  By reading all of your e-mails they might be able to glean some demographic data, for example, which banks you do business with or maybe even a credit card number - if the victim is dumb enough to put that in an e-mail communication.

Of course, changing your password right away is one way to try to shut it down.  Problem is, a bot may have logged in and scraped your contacts list and even read all your e-mails (and scraped more e-mail addresses from that!) within minutes, so the damage is already done.  They usually don't try to change your login credentials (which would lock you out of your own e-mail) but that's not to say it has never been done.

Even after you change your password, they may still send SPAM to your friends in your name.  About a year or so ago, a company that managed our condo for us got hacked, and even today, I get e-mails ostensibly from "Joe Smith" (not his real name) but from a nonsense e-mail address, exhorting me to open attached documents with "recent photos" or our "upcoming itinerary."   I cannot unsubscribe from these, of course, so they keep popping up in my SPAM box, for years, each message a gentle reminder that Joe Smith (or his assistant) is not very net-savvy and maybe it is best we sold that condo after all.

I suppose there are other exploits a scammer could try, once you give them your username and password.  Google (Gmail), in particular, wants you to do one-stop shopping, and links your credit card information to your Google account.  The hacker would still need the CVV2 security code, of course, but no doubt social engineering would yield that.

EDIT: I realize the main goal of the scam isn't to target the initial recipient, but the contacts extracted therefrom.  The person who clicks on the Punchbowl scam becomes the virus carrier.  The real infection is the scam e-mails I get from "Joe Smith" exhorting me to open virus attachments.  Since the e-mail appears to be from a close friend or business associate, we tend to let our guard down.  "It's from good old Joe!  He would never send me a virus!"  But the e-mail isn't from him, of course.  And the virus attachment could be a keyboard logger that captures the login information for your bank the next time you log in.

Worse yet are sites that allow you to log in through Google (don't ask me how that works!) and once in, they can buy things and hit "buy now" and it will automatically charge your credit card.  Looking at you, Amazon and eBay!  However, most e-commerce sites recognize a new device and ask for multi-factor authentication.  So, I presume one is safe there - let's hope, anyway!

So maybe there is no real danger to these phishing attempts, other than harvesting your e-mail address (and those of your friends).  That, and the social embarrassment you will get when people realize you fell for a scam.

But how to avoid this?  Online sites exhort us not to click on links, enter passwords, etc. - the obvious stuff, of course.  I could go one further and say, JUST STOP USING THESE STUPID INVITATION AND E-CARD SITES!  And yes, I am shouting.  There is really no legitimate reason to use these sites and services - the "inconvenience" of writing down a guest list and sending out invitations is not that great.  Send out an e-mail to yourself and bcc your invitees!  How hard is that?

And I wonder, if you read the "Terms of Service" of these sites, if they don't agree and you consent to them harvesting your e-mail address as well as those of the addressees to your soiree, to be sold or whatever.   It just makes no sense whatsoever.  And no, it is not personal, in fact it is more impersonal.

We get the occasional Christmas or Birthday card this way, and every time, we are reluctant to "open" them for fear of a scam. Some sites notify the sender that you didn't read the card, and the sender may e-mail you haranguing you to do so!  (Why not send an e-mail in the first place?).  So we click on the link and hold our breath as we carefully navigate through pirates' cove, hoping to avoid rogues and bandits.  What's not to like?

Sadly, it seems like so much else coming from "silicon" valley (which is now bullshit valley) are business models like this which make little or no sense - solving trivial life problems or problems that no longer exist.  Perhaps sites like Punchbowl are the reason people no longer have cocktail or dinner parties, but instead meet up in bars and restaurants.  Perhaps.

Of course, this "AI" fad is just more of the same, on a much, much larger scale.  It is sad, but so much money is being thrown at AI with little to show for it.  Moronic chatbots provide little or no information - or flatly wrong information.  The user ends up talking to Sanjay ("Chuck" he calls himself) in Bangalore or, better yet, Steve in Manila.  Watch out, India, the Philippines are in your rear-view mirror, catching up fast!

Companies are laying off workers in favor of "AI" and running up huge bills with AI providers (if they are not in fact, creating their own "agents.")  The staggering cost of data centers far outweighs the cost of blood-and-bone humans, who at least are accountable for their errors.  The whole thing just smacks of the "blockchain" hysteria of a few years back (whatever happened to that?).  CEOs are desperate to latch on to the "latest-and-greatest thing" lest they be viewed as retrograde or their stock options tank along with the share price.

But I digress.  If online invites are "technology" then we all need to spend more time offline.