How to Survive a Phishing Attack

Introduction

This post describes a super easy way to avoid falling prey to phishing and spear-phishing.  While I’m at it I’ll explain about ransomware and botnets so you can sound impressive during fishing  trips and/or ladies’ luncheons.  I’ll even provide a real-life example of a recent situation requiring me to apply my method.

Couple quick notes:  1) You cannot get a virus by reading this blog or clicking on any link within it, ever; and 2) I actually did my homework on this post, and ran my anti-phishing technique past the Chief Information Security Officer of a giant corporation, who gave it her blessing.

Some terminology

In a previous post, I covered plain old spam, which is simply unsolicited e-mail that doesn’t even pretend to be personal.  For example, the subject line is “Enhance your male member!”  The sender hasn’t targeted you based on knowing anything about your, uh, membership … from the sender’s perspective, every man should enhance his mail member!  (And if a woman receives this message, no harm done—she can just forward it to the man in her life.)  Spam is basically electronic junk mail.

Phishing is an attack on your computer which relies on you clicking on an embedded link or opening an attachment, which either loads a virus directly on your computer or takes you to a bogus website that attempts to lure you into disclosing personal information.  Phishing messages are usually blasted out like spam, though the sender will often pretend to be a company you do business with, such as your bank.  There’s usually a sense of urgency, something like “Account locked – update password!” (i.e., “Tell us your old password, sucker!”).

Spear-phishing is more targeted and requires the sender to find out stuff about you in advance (e.g., thru social media) to make the e-mail look more realistic.  Is it important to differentiate between regular phishing and spear phishing?  Probably not.  I think the latter term was contrived mainly to help security experts sound cool.

Ransomware is a computer virus that encrypts your computer’s entire hard drive, so that only the fraudster can decrypt it, which he or she will only do upon being paid a ransom.  (A criminal with no hacking skills can actually buy “exploit kits” from the fraudsters to carry out his own attacks.)  Ransomware is one of the biggest reasons to be careful with your e-mail.

You know how vampires and zombies can make you one of their own by biting you?  Similarly, computer viruses can take over your computer and use it in a separate attack.  Such an infected computer is called a bot, and when hundreds or thousands of them are herded together to mount a large-scale attack, you’ve got a botnet.  (Think of it as an online zombie apocalypse.)  Note that as more devices—not just computers and phones but thermostats, security cameras, DVRs, etc.—are connected to the Internet, they become targets for botnet attacks as well.  In fact, they’re ideal candidates because they’re often cheaply made, poorly designed, and lack security.  They’re like really dumb zombies.

How to survive phishing attacks

My phishing survival technique employs a single simple rule:  if an e-mail appears to be from any bank (even yours), or any other business with which you have an account (e.g., a utility), automatically assume it is a phishing attempt and just delete the e-mail.  You can apply this rule even before opening the message.  It’s that simple.  The decision tree looks like this:

 There is a very small risk, with such a broad rule, that you’ll miss a legitimate e-mail from your bank, but a) it’s better to be safe, and b) remember, your bank knows how to reach you!  They have your money and are very resourceful about getting their business done.  In general, they prefer to phone you or send postal mail because they hate phishing as much as you do and have no interest in training you to fall prey.

The one blanket exception would be account statements.  If you signed up for electronic statements and receive them on a predictable schedule every month, and these statements provide account information without asking you to do anything, you’re probably fine.

As for these “Oh, no, you need to do something!” messages, keep in mind that if there’s really something wrong with your account—like your card number has been compromised, for example—that’s ultimately the bank’s problem.  They are on the hook for the cost of the fraud, so let them do the heavy lifting.  If they can’t be bothered to pick up the phone or mail you a postcard, they can face the consequences.  (For what it’s worth, my card number has been compromised a number of times, and in no case did I get an e-mail.)

All of this being said, I recently decided to amend my very simple rule.  If you’re interested in my amendment, read on.  If you’re already bored and/or have no problem with the simple rule outlined above, you’re done—goodbye!  Go get on with your life!

Sometimes it’s not quite that simple

What if you made a purchase that falls well outside your normal pattern of behavior?  For example, you just made a purchase for $2500, and the largest purchase you’ve ever made previously with this card was $1000?  Or what if you normally shop at J. Crew and Brooks Brothers, and one day get a ghetto impulse and buy something at J.C. Penney?  If you do something outside of your norm and then immediately receive an e-mail purporting to be from your bank, you might consider evaluating it further.

I got an e-mail recently from slcfraud@aexp.com titled “Your Corporate Card.”  This “From” address and subject line didn’t look obviously wrong.  The capitalization in the subject line, “Your Corporate Card,” was a bit odd, but not obviously wrong (e.g., it wasn’t “Security fraud alerted corporate card!!” or “Account info updating needs!” or some other butchered English).  The return address, slcfraud@aexp.com, struck me as feasible, though these things can be spoofed.  Only because I half-expected Amex to choke on a recent transaction, I decided to open the e-mail:

Note how it’s in plain text with no logos or anything.  That might seem a bit odd, but actually it’s completely okay.  Fancy logos and formatting are methods hackers use to make their e-mails look legit.  Don’t be fooled!  It’s far easier to manipulate graphics and logos and such than to say the right things, in perfect English, in an e-mail. 

This brings us to my analysis of the grammar etc. in the e-mail itself.  There is a stray bracket in the message (toward the end:  “Corporate Payment Services}”).  That’s a bit spotty, and such things should be considered suspicious.  There’s also a dangling participle:  “In order to assist you in a timely manner, please call us at the numbers provided rather than responding to this message.”  (The first clause refers to them—i.e., they would be assisting you—but the second clause refers to you; i.e., here’s what you should do.)  Certainly this is bad grammar, but it’s the kind of error a native speaker would make—even an Amex employee.  It’s not the kind of error made by dastardly foreign hackers who hate America.  Even still, as a general rule I would normally delete this e-mail on the basis of this, or any, grammatical error.  If this makes extra work for your bank, shame on them for filling corporate communications positions with people who can’t write a decent sentence.

All of this aside, there was one fundamental characteristic of this e-mail that caused me to take it seriously:  it didn’t ask me to click on anything, and it suggested I call the toll-free number on the back of my Amex card.  That is exactly the kind of action a bank would legitimately ask you to take, and dialing this number is an inarguably safe thing to do.  (I cannot imagine how a hacker could print a fraudulent toll-free number on the back of my card.  He would need physical access to my wallet, in which case he would presumably have no need to do anything online.)

I did note that the number provided in the e-mail didn’t match the number on my card, but it’s not uncommon for a financial entity to have multiple toll-free numbers.   You should never dial a toll-free number provided in an e-mail.  While that’s not as obviously dangerous as clicking on a link in an e-mail, it could still get you in trouble.  What if you reach a voice-response system that sounds authentic, and asks you to enter your card number?  That would be an easy way for a fraudster to hack your account.  Always go with the phone number printed on your statement or card.

Based on the e-mail above I called Amex, and sure enough, they had locked out my card because my last transaction looked suspicious to them.  During the call they authenticated me based on my caller ID, and accurately described the suspicious transaction.  I told them it was legit, they unfroze my account, and all is well. 

So:  does this mean opening the e-mail was a good idea?  No, not really.  If I had my life to live over, I’d probably have deleted the e-mail and just called Amex.  The slightly more complicated decision tree is this:

How common is all this, anyway?

Is this much ado about nothing?  Actually, I think this stuff is important because phishing is so rampant.  Looking in my junk mail (i.e., messages my ISP determined were fraudulent), I see the following: 

• 2 messages from Apple on 2/11 saying “Your account is locked”
• 3 messages from my regular bank between 2/3 and 2/9 saying “Action Required”
• 1 message from my Visa card issuer on 12/21 saying “Notification ID: 2591912…”
• 1 message from Apple on 11/07 saying “Apple Inc | Security notice”
• 1 message from PayPal on 10/27 saying “Your PayPal account ha…”

Along with this, I see messages seeming to be from friends of mine that somehow triggered my ISP’s junk mail filter.  What if my ISP hadn’t filtered these?

Address book phishing

I’m not aware that the phrase “address book phishing” has any widespread meaning, but I’m talking about viruses etc. that replicate by forwarding themselves to everybody in the victim’s e-mail address book.  If your ISP lets these through, it can be tricky spotting them.  Here are a few ways.

Message is unexpected – Often I’ll get an e-mail from somebody I know, but who very seldom e-mails me.  For example, my friend’s wife e-mails me every so often and has done so for years.  Why would she?  Either her PC’s got a virus, or she’s trying to start an affair.  Either way, my reaction is the same:  delete that message!  If she really needs to contact me she’ll surely find another way.

Here’s a true story:  my wife e-mailed my brother several times to ask about some bike thing she wanted to buy me for my birthday.  My brother didn’t respond, either because he suspected phishing, or was just really behind on e-mail.  So the next time my brother called me on the phone, my wife intercepted the call and, before fetching me, said to my brother in a low voice, “Call me!”  He was totally perplexed, and she eventually had to call him herself.

Subject line is missing or suspicious – Of the four bogus messages I received recently purporting to be from friends, three have no subject line at all and the fourth has the subject line “RE: ” with nothing else.  The lack of a subject line is usually a giveaway unless you have really lazy friends.  Other suspicious subject lines would be the sender’s name, your name, or something insanely generic like “Hello.”  (If I e-mail a friend just to say hi, I’ll say something a bit more specific, perhaps involving an inside joke.)

Text of message doesn’t read right – Say you’re fooled into opening such an e-mail and now have text to look at.  The hardest thing for fraudsters to get right is grammar (either because they’re foreigners or because they’re stupid).  If your friends use terrible grammar and spelling, I recommend you find some better friends.  Otherwise, be very careful with messages that don’t read right.

If, for whatever reason, you decide not to open an e-mail that appears to be from a friend, it never hurts to create a new message, address it to the friend, give it a subject like “Suspicious e-mail…” and ask if he or she e-mailed you recently.  You can leave the original message in your Inbox while awaiting a response (unless you’re afraid you’ll open it by accident, like if your software is set up to automatically move from one message to the next).

So, here’s a more complete flowchart of how to handle messages:

Will this approach keep me safe?

Actually, avoiding phishing scams is not enough to keep you safe.  We’re probably all eventually doomed, because data breaches of giant databases have become so common.  For example, an insurance company I do business with was hacked awhile back, and had over 70 million customer profiles compromised, including mine.  So, if you screw up and disclose personal information and/or help a virus to spread, you shouldn’t feel too bad. 

Still, I guess it’s nice to have a methodology for not being a complete sucker, and that’s what I’ve endeavored to provide.

--~--~--~--~--~--~--~---~--

For a complete index of albertnet posts, click here.

Mourning and the Digital Age

Introduction

This will necessarily be the soberest thing I’ve ever posted.

A good friend of mine died last Saturday, trying to rescue his six-year-old daughter after she’d been swept off the beach by a rogue wave.  Both father and daughter drowned.  This indescribably sad accident is not an appropriate topic for this blog, and yet I cannot fathom writing about anything else.  Nothing else seems to matter right now, and to write on a lighter topic would be to ignore my sadness.  It’s the elephant in the room I feel I should confront, so that maybe, eventually, I can go back to more quotidian topics.

So, I’ve decided to come at this thing sideways and examine the more general notion of how the digital age affects the grieving process.  I find I have a lot to say about that.

Getting the news

There’s no good way to receive such horrible news, but some ways are more awful than others.  I learned over the phone from a friend on my bike club, who’d been contacted by a journalist looking for background on our late friend.  At least when a friend breaks it to you, there’s a moment to brace yourself as he gasps or sobs, and he’s bound to treat the news with the delicacy it demands.  Contrast that to finding out via the Internet.  I ended up googling the story because I simply could not understand what I was hearing.  The words were probably strung together adequately, but what they communicated didn’t seem possible.

It’s really jarring, and tacky, to see clickbait alongside such a tragic news story.  “Suri Cruise Looks So Grown Up on Set of Katie Holmes’ TV Show,” and “[Shocking] Remove Your Eye Bags & Wrinkles In 1 Minute!” accompanied the online news of this drowning.  As a friend of the bereaved family, I’m struggling to hang on to my belief that life is still good and meaningful, and yet there’s all this added evidence to the contrary.  These news websites are complete strangers to tact and decorum.

Then there are the typical Internet trolls, like the self-righteous shit-for-brains who commented (inaccurately), “there had been warnings of adverse surf conditions ... these were no ‘rogue’ waves.”  There was no advisory that day, and this jerk wasn’t there, and why does he do this?  What kind of sad sack makes sport of casting judgment on victims of a terrible accident?  And right below this, another comment:  “my neighbor’s step-sister makes $75 an hour on the computer.  Visit the website [...].”

Social media

I went to a website designed to collect tributes to the victims, which is fine, but everywhere I looked were rows or columns of buttons to share these tributes (and photos, etc.) via Facebook, Twitter, Google Plus, Pinterest, etc.  As somebody who avoids social media, I don’t like the idea that if I died, I might suddenly have representations of myself scattered across all of these platforms and I wouldn’t be around to protest.  This site also featured a “Donate” button to give money (presumably to the family).  Not all sorrow can be assuaged by money and I doubt this family did anything to set that up.  In the absence of a closely managed strategy—which I doubt any grieving family has the time or energy for—I could see a platform like this taking on a life of its own.

I did get some comfort from the tributes and shows of support on the website, but then I came to a post from someone who, by her own admission, didn’t even know the family but was nevertheless offering emotional support to my friend’s widow.  I found this jarring and a little chilling.  Perhaps I’m not the only one who did.  For whatever reason, the page has now been reconfigured to block anonymous readers, by requiring users to create a login.  I’m not quite ready to do that; after all, sites like this tend to overwhelm me pretty quickly.  The last thing I need is perpetual spam stemming from a glancing engagement with a web portal.

My point is, digital technology like clickbait, social media, likes, and links can creep up on us—or seem to fall suddenly out of the sky—without waiting for us to decide whether it’s good for us.  How many parents had the luxury of contemplating the influence of Facebook and Instagram on their teenagers, before those teens immersed themselves in this virtual world?  Who foretold this worldwide phenomenon?  (Answer:  nobody.  It wasn’t a phenomenon at first; it was just a technology.)  When it comes to grieving, how does the digital world fit in?  Would the healthiest thing be to close the laptop, power off the phone, and mourn in peace?

Who knows.  I do consider whether my personal inclination to opt out of social media is appropriate in this case.  After all, there are instances when it becomes antisocial to extend one’s neo-Luddite principles too far.  For example, for an adult in the corporate world not to have a cell phone is no longer tenable; we’re expected to be reachable.  And to not have e-mail in any industrialized society is nowadays absurd.  And so, when my bike club decided a tribute to our late teammate would be appropriate for our club’s Facebook page, and asked me to write it, I immediately stepped up.  It would be callous not to acknowledge the tragic death of our friend/teammate and his daughter, and I welcomed the chance to give this statement the thoughtfulness and delicacy it deserves.

Digital storage

Where the conveniences of digital life can become really wrenching is in the realm of digital caches and other storage.   On my smartphone right now, when I open Contacts, my dead friend’s name is right at the top on the “Frequently contacted” tab.  He’s also on the first page of my chat history (not deep correspondence, but just the most perfunctory logistical stuff like “Yo, I’m at Fieldwork”).  In the main phone app, there he is on the Recents tab.  In the Voicemail app, I still have a years-old message from him, when he called to see if I’d really been hauled away from Grizzly Peak Boulevard in an ambulance.  I originally kept the message as a handy way to remember exactly when that happened, but now I don’t want to delete the voicemail because it’s the only one from him that I have.  He’s all over my phone, like a ghost.

Of course most of these relics will be gradually pushed down the stack until they slip out of Recents altogether ... but that’s actually kind of disturbing too, like a bad omen.  Will my friend will be similarly pushed out of my memory by all the new stuff coming in?  (Of course not, but grieving isn’t a rational process.)  And what of my friend’s programmed entries in my contact list and phone book?  What about his presence in my archived message history, and that saved voice-mail?  I cannot bring myself to delete these.  How could I?   Sometimes humanity trumps efficiency—and perhaps it ought to.

My e-mail archive is another quandary.  I’ve got almost 700 messages from him I could sift through, looking for ways to jog my memory ... but is that healthy?  And that’s not even the entire trove; it’s only what’s stored in my current e-mail software.  I have some other virtual file cabinet I could probably delve into if I bothered to try.  At what point does this kind of sentimental, digitally assisted reminiscing shade toward the obsessive?  Obviously it would be weird and nutty to build a shrine for a departed friend, but that’s kind of what a digital archive is.  The difference is, the artifacts are enshrined automatically so we have access to them whether we’re pack rats or not.  Is it healthy to take advantage of this, or is it the emotional equivalent of picking a scab?

Browsing through old photos is even more captivating.  I hunted through my archive as part of the bike club tribute project, and was plunged ever deeper into memory, which naturally intensified the sense of loss.  How young we both look in that early photo!  (Subtext:  we go back so far, and now—nothing!)  Perhaps most bittersweet of all, for reasons I can’t quite grasp, is the last photo I have of my late friend, which is on my phone as well as my PC.  I distinctly remember him chiding me for my recklessness in riding past this bull to get the shot.

Maybe this photo makes me sad because it’s so recent, I didn’t even get the chance to e-mail it to him.

One of the hallmarks of our digital age is how we keep hopscotching from one brief thought to the next, based on this or that alert, picture, or other stimulus.  Such digital saturation is notorious for precluding careful contemplation.  Perhaps this is why I keep catching myself being self-indulgent—too wrapped up in my own grief to look at the bigger picture.  This family lost a father, a husband, a daughter, a sister, a brother, and a son.  I only lost a friend.  My grief is entwined with a more complicated feeling, something like guilt.

This feeling hit me like a hammer when, sitting at my desk and staring into space, I noticed my slide-show screen-saver start up.  It picks photos at random from my hard drive and displays them for 5 seconds apiece. At first the photos of my wife and kids, going back so many years, started to cheer me up—oh, remember when the girls were small, and wore dresses, and held hands?—and then I had this horrifying thought:  what if I had lost a daughter and a spouse?  Suddenly this slide show would be a torment.  Instead of showcasing family—the best part of life—it would highlight what has been taken away.  The entire photo archive, along with the e-mail archive and all those artifacts littering the smartphone, and so many posts and photos scattered across all those social media platforms ... all of these would intensify the grief.  What a torment.

I suppose I should try to coalesce these thoughts into some kind of pithy conclusion, but nothing is coming to me but the sense that it’s time to save this file and power down. 

--~--~--~--~--~--~--~---~--

For a complete index of albertnet posts, click here.

An Open Letter to Spammers

NOTE:  This post is rated PG-13 for mild strong language.

An open letter to spammers

A natural way  to start this letter would be to rail against you spammers for being scumbags, but that’s really beside the point.  Everybody knows you’re scumbags, including you.  Perhaps you justify your behavior by feeling utter contempt for those who actually open your e-mails, and who even sometimes click on the link within, or (gasp) open the attachment.  It really does amaze me that there are people who fall for this, and I don’t exactly admire them either. 

What really bothers me, though, is that your methods—which you probably think of as “crude but effective”—are mostly crude and couldn’t possibly be very effective.  Frankly, “crude” doesn’t cover it:  your methods are monstrously stupid.  If you weren’t so stupid—that is to say, if you weren’t such absolute shit-for-brains types that it probably stinks when you think hard—there wouldn’t be so much collateral damage:  that is, we wouldn’t have the sheer volume of spam messages your non-victims nonetheless have to clear out on a daily basis.  If you had any brains at all, you could get the same results without clogging up the Internet nearly so badly.

It’s natural to be lured toward a grudging respect for the really cunning criminal, like the jewel thief who slips into a museum during the dark of night, outwits all the laser-beam motion detectors, and makes off with the big diamond.  Roald Dahl wrote a story that painted a pickpocket in a positive light.  The cool French movie “Diva” featured an attractive character who was, among other things, an expert shoplifter.  But, vile spammer, your methods are so grossly ineffective, the fitting criminal analogy would be the last guy who stole gas from my old Volvo, who was too lazy or stupid to pick the lock on the gas cap and instead did hundreds of dollars in damage prying it open, just for about $20 worth of gas.  Sure, H.L. Mencken was right when he said “Nobody ever went broke underestimating the intelligence of the American public,” but that doesn’t mean anyone can get rich doing a really stupid scam.

I’m going to detail here all the ways in which your methods are really lame.  In doing this I hope to help you understand that you are just barely smarter than that tiny fraction of a percent of your recipients who actually give you want you want.  Perhaps some people reading this will by miffed that I could be helping you improve your game, but a) real spammers are probably not reading this, and b) this post also serves as a way to help people see through spammers’ absurdly unsophisticated schemes and be better at evading them.

Stock tips

I got an e-mail recently titled “My Huge New Pick!!!”  At first I misread it and thought it said “My Huge New Prick!!!” and I assumed it was from a congressman showing off his new male enhancement.  But no, it was just another stock tip from a complete stranger.  (At least, I assume it was.  Needless to say I didn’t open it.)  In the last week I’ve also received “Huge Day For Our Latest Pick,” “This Stock in our new SUBPENNY,” “A Breaking Bull That's Ready To…” and “It Looks Strong on Solid News.”  My favorite?  “The Upside Potential is Unbelievable.”  That last example is almost certainly accurate:  the potential is truly not to be believed.

Look, just give it up guys.  Why would anybody accept a stock tip from a complete stranger, a tip which is obviously broadcast completely indiscriminately?  What could be the motive:  altruism?  Yeah, right … an altruistic spammer.  Surely it’s a way to get people to buy stock in a company just to boost that company’s stock.  But why would anybody invest in a company with such a pathetic strategy?

Yeah, yeah … “There’s a sucker born every minute.”  But how many of these suckers actually have the know-how to complete a stock purchase online?  If they fell for your e-mail, there’s a pretty good chance they’d spell the ticker wrong.

Sequential messages from the same sender

Often I get bursts of spam where the pretend name of the sender is the same several times in a row.  Look at this:

I can’t imagine these are from different senders.  Something is clearly wrong with this spamming system—it should detect duplicate “send to” addresses.

And how do you come up with the fake names?  Why not choose something more common?  I suppose it’s possible I could actually know somebody named Marina, or that I’d at least think it possible that there was a Marina in my past I’ve temporarily forgotten about, who has bubbled up on the Internet to reconnect.  But look at the putative addresses of these various senders.  Could I really forget a Marina whose e-mail address is "snugglebunny"?  Or could I actually believe I’ve forgotten about a Marina from Russia?

I’m tempted to take you to task for the transparency of having senders’ names not match their addresses (e.g., the Marina whose address starts “laura_c” or the Marina whose address starts “tjr), but I acknowledge that popular e-mail platforms like Gmail and Outlook mask the sender’s address.  Well, you’re not fooling me.  And anybody who finds an e-mail suspicious can look at the Internet headers in Outlook, as shown here.

Sequential messages with the same subject:

Here’s another burst of obvious spam I received recently:

I don’t have six different bank accounts, and I’m pretty sure it would take a major life event for all of them to be put at risk simultaneously.  Clearly this is another problem with a spam distribution mechanism. 

Transparent phishing

Taking another look at the snapshot above, there’s another obvious sign these messages are bogus:  since when do banks use an individual sender’s name when they contact you?  And even if they did, given that most of these customer service folks are probably in India, wouldn’t they pick more generic-sounding fake American names than “Bella Flowers”? 

Yes, there are some people out there who might actually believe a bank would contact them via e-mail due to an account problem.  But for every phishing success story there are probably thousands of would-be phishers coming up with an empty hook, every time.  Your success rate is probably dismal, and just remember:  the other, better phishers are probably laughing at you.

For those readers looking to avoid getting scammed, here’s an easy rule of thumb:  if an e-mail claims to have anything to do with any account you hold at any institution of any kind, delete it.  Banks and such don’t like your account to go away, and they’ll figure out how to reach you.  Believe me. 

I’ve only ever known of one false positive:  way back in 1999, I got an e-mail from some no-name outfit called PayPal titled, “Joe Blow has sent you money!”  Except it wasn’t Joe Blow, it was a guy I know who’d left Visa to help start PayPal.  They wanted me to enter my checking account information, and I’d get money right in my account.  Amazingly, this ended up being legit, but since I hadn’t heard about it through the guy I knew, I didn’t bite.  What am I, stupid?  Of course, had I accepted I’d have made a buck or two, plus the right to brag about being one of the first-ever users of PayPal.  But you know what?  Bragging about being wary of phishing before anybody had ever heard of phishing isn’t so bad either.

Errant capitalization

What do these subject lines have in common?

Huge Day For Our Latest Pick

My Huge New Pick!!!

It Just Issued More News Momen...

A Breaking Bull That's Ready T...

It Looks Strong on Solid News

Well, despite the title of this section, I’ll bet you didn’t get it, you moron, so I’m just going to tell you:  these phrases all have words that are unnecessarily capitalized.  Sure, this used to be standard, back in the 18th century.  But unless you’re pretending to be Ben Franklin e-mailing from beyond the grave, give it a rest.  Real humans don’t use capitals like that, and if my friends start doing it, they’ll just have to start phoning me because I’m not reading any more of their e-mails.

Nonsensical subject lines

Look at these e-mail subjects:

It Expected to Move Higher

my, (YOU) asked...

Be the women' h...

How could “it” have any expectations?  I think “It’s” was meant, but maybe the spammer couldn’t remember the “it’s” vs. “its” rule and just deleted the “s” entirely.  The second example … who knows where that went wrong.  Sure, there are people who don’t understand punctuation, but I hardly think most of them sprinkle around commas and parentheses like so much garnish.  And the apostrophe after “women” is completely bizarre.  A good many people might stumble when trying to remember whether an apostrophe goes before or after an “s,” but after an “n”?  Really?

This example of patently obvious spam needs no explanation:

Discount pharmacy and Viagra

The market in black-market Viagra has got to be well and truly saturated by now.  Keep in mind that it’s fairly widely known that Viagra isn’t an aphrodisiac, so by sending a man a Viagra offer you’re insulting his manhood.  This has always been a narrow market and very well served by the several offers per day everybody has been receiving for the last fifteen years.  Just stop.

I receive lots of other “online pharmacy” messages, of course; the most recent was from “Love” and was titled “Online pharmacy buy cheap disc…”  (Surely “discount” was the truncated word there, and the redundancy of “cheap” and “discount” surprises me not at all.)  Again, this has got to be a really tiny niche.  In my experience, the less educated Internet users tend to be the more paranoid ones.  How many would actually toss the dice on illicit prescription meds online?  After all, if they get ripped off they can’t exactly bring in the cops (nor will anyone cry for them).  How can they possibly establish the trustworthiness of the seller?  This is the online equivalent of the college roommate I had who kept getting shafted by dudes in People's Park selling him oregano they said was pot.

Quasi-spam

This isn’t quite as stupid, of course; I’m talking about outfits I once gave money to who now pester me relentlessly.  There are so many reasons quasi-spam is smarter than the Gatling-gun-shots-in-the-dark strategy your lowly ilk employs.  For one thing, these outfits know I have money, and for another, they know I know who they are.  But still, it’s annoying.

For example, I have set foot in The Walking Company exactly twice.  The first time was during Christmas shopping, and I bought some slippers that were half off and a couple of blankets that were 80% off.  Since then I’ve been getting an e-mail solicitation from them practically every day.  Most of them are totally pointless—“NEW Cork Sandals For Spring!”—but one offered some amazing blowout sale on a pair of shoes that I miraculously had actually already had my eye on.  (Miraculous because I’m a typical guy and buy a pair of shoes every few years.)  So I went there, found out the shoes were mail-order only, vowed on the spot to boycott The Walking Company for life on principle, and went to a competing shoe store in the same mall where I bought a nice pair of shoes and like 15 pairs of socks.  A spiteful purchase?  Possibly.

Then there’s the former Presidential candidate who continued to e-mail me asking for money for years after he’d wasted the money I already gave him (i.e., after he failed to get elected).  Pretty shameless.  Which brings us to the poster child for quasi-spam, “Ranger Rick” magazine, which keeps up a constant barrage:

Such lies.  “Limited Time Offer”—there’s always another offer.  “Last Chance!”—really?  If I don’t renew my subscription, they’ll never let me subscribe again?  Yeah, right.  The kicker here is that I would never, ever renew my subscription, for the simple reason that “Ranger Rick” punishes its loyal subscribers by giving them really crappy renewal rates.  I let the subscription expire and then signed up as if I were a totally new subscriber, for about half the price.  I thought they’d figure that out but I guess they haven’t.

Alternatives to spam

Of course, you could argue that the flip side to spam is targeted ads, like Google’s AdSense nonsense.  As I’ve explained at length, I’m no fan of that, either.  But it doesn’t clog up my Inbox, and at least there’s a very simple way to kill it.  More insidious is the way social networks are contriving to get people to essentially advertise things to their friends.  That makes me sick.  (It brings to mind the non-virtual pyramid schemes that have been around forever.  A friend of mine once tried to bring me in on a Super Blue Green Algae deal and I never talked to him again.)

But the real flip side to spamming is simply not spamming.  Has that ever occurred to you?  To just go find something more constructive to do?  Of course it hasn’t.  You scumbags.

Smartphone

I got a BlackBerry. I have to say, it’s a pretty spiffy device. Are you annoyed with me for saying so? If not, I will proceed to enumerate its qualities. I can peek real quick at my e-mail, and calendar, without going to my PC and logging on. I can look at an online map when I’m lost, or check the Giro d’Italia results when I’m at my kid’s soccer game. It has a camera, and I can send the photos right to my e-mail instead of paying a cell phone company to transmit them to somebody. And I can “tether” my PC to it and enjoy wireless Internet access virtually anywhere.

Okay, now you’re annoyed. Good. I needed to get you to this place to prime you for my forthcoming examination of why such a seemingly innocent device can make normal people seem annoying, or at least bring out the latent annoyingness in all of us. (I also wanted to acknowledge the worth of this device, lest I seem hypocritical. Having become accustomed to its convenience, I wouldn’t want to give it up.) Finally, though this post isn’t a review of the BlackBerry or iPhone or any other smartphone, I’m hoping the proximity, in this sentence, of “review” to “BlackBerry” and “iPhone” will cause Google searches to direct people to my blog.

So, what is it about smartphones that gets people's heckles up? Let’s take an inventory.

Aesthetic issues

A phone doesn’t have to be very smart to be annoying. Obviously, simple musical ringtones can pollute any public transit or marketplace atmosphere. The common hands-free cell phone functionality makes it impossible to tell the real crazies from ordinary people having a heated argument with an unseen party. And I often see some joe walking down the sidewalk engrossed in conversation and—without realizing it—holding the clip-on microphone right near his mouth, without any idea what a total idiot he looks like. The devices themselves don’t look bad, but just add humans and you get some pretty unpleasant spectacles.

The fancier the technology, the worse this gets, as illustrated by the Bluetooth receiver that clips onto your ear. Are people really so lazy, or so often on the phone, that this thing could possibly make sense? The first time I saw a Bluetooth ear thingy, my unspoken reaction was “Aw, poor guy, I guess he’s mostly deaf, and needs the most powerful, clunky hearing aid on the market.” I was shocked to learn it was a non-essential accessory worn by choice.

Outside of the devices themselves, the hype their creators have generated becomes tedious. My seven-year-old asked me recently, out of the blue, “Daddy, which type of Blackberry do you prefer: yours, or the touch-screen kind?” Aghast, I asked where she’d heard of the touch-screen model. “You know, those bulletins along the highway,” she replied. Aren’t these devices popular enough without ubiquitous billboards advertising them?

Behavioral issues

Invariably, these modern electronic devices are equipped with useless little electronic games. Often I see people—upscale, well-dressed, presumably gainfully employed people—on the train playing Tetris or Solitaire on their PC, smartphone, or whatever. On the one hand, how they spend their time is really their own business. But on the other hand, I find this behavior offensive. I truly believe I could find totally useful ways to fill a 36-hour day, and I’d still go to bed every night lamenting the things I couldn’t find the time to do—and yet here these guys are, killing time as ruthlessly and pointlessly as Buffalo Bill and his ilk when they slaughtered all those buffalo, shooting at the innocent beasts from their train windows as they passed, out of sheer boredom.

At a trade show recently, a guy in one of the expo booths saw the corporate logo on my shirt and thought maybe I could help him with his BlackBerry. (I work in telecommunications.) He joked that if I could solve his problem, he would guarantee that I’d win the bike they were raffling off. I said I’d do my best. His complaint was that when he played Brickbreaker, a little game on the BlackBerry resembling the first Pong video game ever invented, he couldn’t get past a certain advanced level because the software would lock up. How could he get past this?

This was a real dilemma. On the one hand, I had no idea how to help (having only briefly examined Brickbreaker before dismissing it from my life forever). On the other hand, I didn’t want to seem unhelpful. Fortunately, in a college rhetoric class I had learned some useful tricks, such as “slipping between the horns of the dilemma.” In other words, I could offer this fellow an alternative solution: “Get a life!” Of course, being a nice guy who is representing his employer, I didn’t put it this way. I suggested instead that instead of Brickbreaker, he take advantage of another BlackBerry feature wherein you can rearrange the icons on your device’s desktop to your liking. It’s like a game—whenever you move one icon to where you want it, you disturb the ideal location of another icon, just like a sliding-number fifteen puzzle—except that when you’ve finished “playing” you’ve actually accomplished something. Plus, this application never crashes. (As you may have guessed, the guy didn’t like this suggestion.)

I think the strongest reaction against smartphone-using behavior comes from those who don’t appreciate the trajectory that these technological advances tend to take. In the beginning, the hi-tech device confers a rare advantage on the user—a lucky thing for him, without any effect on anybody else. (For example, the smartphone user can read his e-mail even when he’s not at his desk.) Then the new capability becomes something others can count on, which creates a new burden for the user. (Having a smartphone means being available to others on e-mail all the time.) Eventually, the technology becomes sufficiently widespread that everybody counts on everybody else having it, and those who refuse to adopt it cause actual resentment. If you don’t believe this, think about your reaction last time you tried to phone somebody and he didn’t have voice-mail or an answering machine. Or, imagine how annoyed you’d be if a friend or relative decided to renounce the telephone entirely.

Arrogance , showiness

Of course the main complaint people have with the early adopters of a slick and expensive new technology is the smugness these adopters tend to have. There’s a propensity among these people to go out of their way to use the new technology right in front of you, ignoring the fact that unless the technology is Botox or a padded bra, it isn’t doing the onlooker any good at all. It’s just an obnoxious display of one-upmanship—bad enough when the technology truly is impressive, and even worse when it’s not.

Somehow, the silent features of the smartphones make the user think he’s not only inaudible but invisible. Many cell phone users have, by now, figured out that they should step away from a public space to make (or field) a phone call, but the texters and e-mailers have evidently not. For example, a colleague from another branch, who invited me to lunch, spent most of the meal trying to buy something at an online auction. (I was not impressed.) Or consider our babysitter, who tuned out from our (albeit inconsequential) conversation to exchange some (doubtless utterly worthless) text messages. I’ve seen people in meetings go from letting their eyes flit momentarily to their smartphones to sharing their attention equally between the smartphone and me, to eventually forgetting they were in a meeting at all and peering with utter absorption into their smartphone screens. Miss Manners would see fit to have these people electrocuted.

Sometimes it’s not the use of the device but the mere display of it that is showy. I refer you again to the clip-on Bluetooth receiver. The second time I ever saw one of these was (coincidentally) at a Vegas trade show. A really cheesy guy, in a suit and tie and looking like Dilbert’s boss, was taking a parade lap of the convention hall with a hired bimbo on each arm, looking exceedingly proud of himself (as though anybody in attendance thought for a second he hadn’t just hired the bimbos like people used to hire a team of horses to pull their carriage). His glittering Bluetooth receiver was of a piece with his suit, his grin, and the spectacle of his bimbo parade. My colleague Brendan, as disgusted as I was, couldn’t take it and ran up to the guy. “Sir, sir!” Brendan cried out. “There’s something in your ear!”

Eye of the beholder?

The problem with diving right into this righteous indignation is that we’re prone to finding fault that isn’t really deserved. For example, what if I’m organizing the icons on my BlackBerry’s desktop—a perfectly reasonable thing to do—and you incorrectly assume I’m wasting my time on a dumb game? Or, consider my brother Geoff’s observation that people like to show off their fancy phones by setting them on the table when having a meal or coffee. For years I, too, thought of this as a needless display. But when I got my Blackberry I came to realize why people do this. It isn’t to show off the phone; it’s because cell phone buttons (especially on older, non-flip-top phones and modern smartphones) have a tendency to get pushed when you sit down with the device in your pocket. Once, as I sat down to lunch with a colleague, my Blackberry dialed the last number in memory, which turned out to be his. Imagine his surprise when the caller was—me!

Which brings me to an e-mail exchange I had with my brother Bryan. The first time I tried out the Blackberry camera feature, I discovered that I could e-mail photos directly from the phone. Of course I had to test this (and, yes, show off), so I sent a couple of photos of my daughters to my brother. I should have known I’d be in for it.

The Footer

Of course I knew about the footer, “Sent using Blackberry,” that would be attached to the e-mail to my brother, and I had a pretty good feeling that a) for good reason, and b) because he’s my older brother, Bryan would be commenting on that footer. I was not mistaken: click on the e-mail snapshot below to read his message.


(For the record, I don’t have cocktails before lunch, nor do I own or drive a luxury sedan.)

Bryan doesn’t explain exactly how my “Sent using BlackBerry” puts him at relative ease. I'm guessing it’s that he figures my use of this header is unintentional, that the footer is factory-configured, and all the footers from BlackBerry users are also unintentional, and thus people aren't as pompous as he’d feared. And I think he’s partially right. I propose that there are four main categories of smartphone user, which I will describe in descending order of annoyingness.

The first category comprises those who really are that proud of their smartphones, their connectedness, their with-it-ness, and their high-flying wi-fi ways. These people would go out of their way to put a “Sent using BlackBerry” footer on their messages even if it weren't pre-configured.

The second category covers the people who might be on the fence about whether or not to boast openly about their BlackBerryness, and would have to think hard about whether to set up the footer, but who don't have to decide because the footer is sent by default and they're perhaps glad the decision was made for them.

The third category consists of those who don't like the footer and wish it wasn't on there, but can't figure out how to remove it. (This process is not actually very straightforward, which is possibly by design.) These are the ones who, whenever e-mailing from their Blackberries, feel the “wince of remorse” my brother imagines.

The fourth category consists of those who don't like the footer and remove it. Of course, we have no way of knowing how many BlackBerry users fall into this category, because they're invisible. Their messages might as well have come from an Ethernet-connected PC.

Which brings me to my own case. As it happens, I don't fall into any of the four categories I set forth above. (Makes you wonder at their validity, eh?) To begin with, I was inclined to delete the footer. Before being issued a Blackberry of my own, when I got e-mails from Blackberries (or iPhones, which carry their own footer), I had always found the footer slightly boastful too, though thankfully I never said anything to anybody. (“You all without sin can cast the first stone....”) But on the verge of deleting my footer, I paused, reconsidered, and backed off. Why?

Well, for complicated reasons you surely wouldn’t care to hear about, I’m pretty sure my employer wants to promote Blackberry. That may be part of why they pay for my phone.  And so, as a good corporate citizen, who gets to enjoy the capabilities of this actually rather groovy device, I would feel pretty shabby removing the footer, or changing it to something like “Sent while driving.”

Evolution

I think the growing success of smartphones will eventually eliminate the ostentation of their users. We’ve seen this evolution before. Remember when phone answering machines were new? People would go out of their way to record funny, often elaborate outgoing messages. Many corporate types recorded a fresh outgoing message every day, announcing their general availability and such. But I don’t come across such custom messages anymore. (Do you?)

It also seems to me the cell phone culture has become more subdued. When cell phones were only in the hands of the elite, it seemed like those who had them talked a lot louder, and more often, in public. Whether through natural evolution or the efforts of businesses like restaurants prohibiting them, this activity has died down, even while the number of cell phone users has skyrocketed. I have read that the ringtone industry peaked in 2003 and has since died down quite a bit; apparently cell phone users eventually realized that custom ringtones just aren’t that cool after all.

Other technologies, too, have mellowed out or disappeared. Car alarms, once a must-have for anybody who thought his car (and/or car stereo) valuable, have gone from an epidemic to a blessed rarity. When e-mail first took hold, the number of forwarded jokes threatened to paralyze us all until people evidently tired of participating in the e-mail-tainment (though spam has stepped in to perpetuate our annoyance). Maybe in time the smartphone will evolve from a gee-whiz cutting-edge product into a basic, uncelebrated tool, and smartphone-originated e-mails won’t carry the “Sent from…” footers anymore. Indeed, I can foresee a world where the standard reaction to such a footer would be, “Well, duh!”