The Watchdog: In computer security, you’re as good as your weakest link

The last person in the world a spammer should send a brazenly criminal email to is me. My email address alone — watchdog at — has a ring of authority to it. Sure, I’m not the FBI, but my coverage beat includes idiots who do things like that.

But every day I get them. Just like you.

How about my poor friend Carol S.? Did you know that on a trip to the Philippines she was attacked by unknown gunmen? Yes. It’s terrible. She even sends me a note seeking my help.


“All we need is 2,500 USD,” she writes. What American doesn’t know that you write it as $2,500? That’s the tipoff that something’s wrong — and it’s not Carol stuck in Manila.

Poor Carol somehow typed her email password into the wrong place, giving a hacker the chance to take over her account and pretend to be her to all of her friends. I bet Carol has never even been to the Philippines.

Beverly A. gets a note from her cable TV company. “We are currently upgrading with a hard spam protector.”

The note asks for her email address and password. If she doesn’t send it, “your email account will be deactivated from our database.”

Carol isn’t sure what to do.

“I didn’t respond,” she tells me. “Should I?”


I take my computer mouse and hover the cursor above the email address the note supposedly comes from. A popup box shows the real address: a domain. Fake. But I’ve got to admire the chutzpah of someone sending a spam note while pretending to be a spam protector.

The University of Texas at Dallas sends The Watchdog an important note: “Hello, we have upgraded our old server (ODS7AT) to a new server (NWS70GZ) for better delivery service. So endeavor to update your webmail account status.

“Full name:

“Date of birth:



I hover my mouse over the address and see that it doesn’t come from utdallas. edu, but from another domain. Then I type ODS7AT into a Google search box and see the results. Scam.

– – – – – – – – – – – – – – – – – – – – – – – –

More Watchdog Nation News:

Watchdog Nation Partners with Mike Holmes

America meets Watchdog Nation/Listen to Fun Radio Interview

Watchdog Nation Debuts New e-Book and Multi-CD Audio Book

– – – – – – – – – – – – – – – – – – – – – – – –

“We are aware of scams where the UT-Dallas name is used in an attempt to obtain personal information about the recipients,” university spokeswoman Katherine Morales tells me. “While it used the UT-Dallas name, it was not distributed by UT-Dallas computer systems.”

As readers of The Dallas Morning News Dave Lieber Watchdog column first learned, the threat to personal and business computers is that it takes only one gullible person to compromise an entire network. If you knew my business password, for instance, you could instantly impersonate me to the outside world.

You could write to all the people in my contacts, as me, and ask them to download something really bad on their computers to take over their machines for criminal purposes, install viruses and remove sensitive information. Or you could ask them to send you money in USD.

That’s why I want to tell you what Tom Cochran did last month. He’s the chief technology officer for Atlantic Media, which publishes The Atlantic magazine and other publications. Before that, Cochran was director of new media technologies at 1600 Pennsylvania Avenue.

Cochran pranked employees at the company, but it wasn’t for fun. He sent everyone on staff an email asking for their password. He didn’t want them to do it. He only wanted to see who would fall for it. Bad news — 123 staffers did what he didn’t want them to do.

Cochran scolded employees in a companywide email: “Across our entire company, 58% of us clicked the email after opening it. Wow. Fifty-eight percent! With those odds, all a scammer needs to do is craft an intriguing enough subject line and they have a great chance at getting your account information. Then, you’re hacked and so is Atlantic Media.”

In the company, 67 percent of corporate staff fell for it, and 73 percent of staffers at Quartz, an online magazine, tripped up, too.

“All it takes is one stolen password and we are hacked,” Cochran continued. “Then we could have a website defaced, Twitter account tweeting false information, financial information leaked, expose your sources and a lot more.”

Cochran tells me hacking is “the No. 1 drag on the digital economy. All this fraud and fear. You’re really only as secure as the weakest link in the company.”

He adds, “It’s not that you should be scared. The tools are available.”

The main tool is two-step authentication. This is important to know. In addition to signing in with your password, more websites, especially those for financial institutions and email accounts, are offering a secondary numeric password for entry.

You don’t have to memorize it. You get that password through your cellphone as either a text or a voice message during the sign-in process. Unless a hacker has your cellphone, he or she can’t get past the second step.

Cochran is proud that at Atlantic Media, everyone now uses two-step authentication. If it’s offered, take it. Don’t ever give out your password. And if you get an email from me saying I’m stuck on the other side of the planet and need USD, you know what not to do.

Avoid scams

Marcus Rogers, Purdue University computer professor, offers these self-protection tips:

•Never give up personal information to anyone who writes or calls seeking it. Most likely, he or she is a criminal.

•Don’t be fooled by an email or website that looks real. It’s easy to make copycat sites.

•Be mistrustful. When in doubt, use the phone to check if something is real. But don’t call the phone number in the email or on the website because that could be fake, too. Get the number elsewhere.

•If someone sends you a link, don’t click on it unless you know it’s real. Call or write to double-check its authenticity.
– – – – – – – – – – – – – – – – – – – – – – – –




Dave Lieber book that won two national awards for social change.\

Still here? Visit Dave Lieber’s other fun websites:


Hipster site: