Tuesday, August 17, 2004

You've Got Pictures - or Not!

This is a public service announcement. Without guitars!

My gullibility quotient is rather high, but not usually high enough to actually get me into trouble.  I almost never agree to anything over the phone.  I forward Nigerian scams to authorities, send copies of spoof Citibank email to Citibank, and check everything else out on
snopes.com.  But last week, when I was getting all that attention from the Editor's Picks, I got email and comments from a lot of different screen names.  So when I got an IM from a screen name that seemed familiar, saying "You've Got Pictures," I clicked the link - and got scammed.

The spoof page that comes up from this IM requires typing in a screen name and password.  Then it goes to the familiar loading page with the row of green balls going back and forth.  But the picture never comes up.  There is no picture.  It's just another way to harvest passwords, presumably in hopes of getting financial information.

I had no clue what I had done until the next night, when AOL bumped me as I was finishing up a journal entry.  The disconnect message said that someone else had signed on with the screen name, and to call a certain number if the other sign-on was unauthorized.  I figured it was an AOL glitch, signed on again, and stayed online for an hour or two before getting bumped again.  Same disconnect message.  I called AOL, was asked the wrong security question by a programmed voice, and was passed on to a rather nice AOL tech.  He told me that there had been two remote log-ons from one screen name and a brief attempted log-on using another, and explained what I had probably done.  That was when I remembered the phantom You've Got Pictures.  How embarrassing!  I fell for it!

I had to change all my passwords, of course.  I don't think the scammer got any financial info, but I'll have to be vigilant for a while.  And since then, I've had about four more "You've Got Pictures" IMs, from four different screen names.  Now I type "who are you?" when I get one.  Usually there's nobody there, but last night someone replied that someone had hacked his screen name to do this, and he was trying to stop it.  So if you got an IM from me promising a picture that didn't load, it wasn't me, honest!

The best thing to do with this stuff, or any spammer / scammer IM, is to click the "report to AOL" button, or whatever it's called.  I did this even with the one that said he was an innocent victim, noting that possibility in my accompanying remarks.  Maybe AOL can help the guy clear his (screen) name.

Don't fall for this, okay?


1 comment:

ryanagi said...

Good to know! I've had this pop up in email and once or twice in IM, until I changed my IM settings to only accept from people already on my buddy list. -B