Digital Life: It’ll be harder phishing for suckers next time

You didn’t click it, did you?

Or maybe, like about a million others, you did.

It was a phishing attack, as in phraud, and you were ph … phooled.

Somebody launched a particularly crafty play to worm into your Gmail account last week and gain the keys to your personal virtual kingdom.

Chances are, you got an email from someone you actually know. The message looked every bit like every other offer you’ve had from a co-worker to share a Google Doc. Then it took you to a page giving “Google Docs” permission to manage your emails and other Gmail features.

Google said it squashed the scam within an hour of detecting it.

So the sun rose the next morning. You could still drive local merchants out of business with your Amazon buys. Uncle Frank could still rail about the gold standard on Facebook.

If anything, the digital world should’ve emerged a little more hardy. By ultimately beating the infection, our collective immunity grew stronger.

The attack alerted cybersecurity types to a clever spin on phishing scams.. Ordinary humans suckered this time will click more cautiously on the next one — or not click at all. This is a process.

Just remember that it’s ongoing. The hacker arms race never ends.

It’s scores of criminals in Kiev pecking away at keyboards hoping to bust into your bank account. It’s U.S. intelligence forces, like the ones who sent uranium enrichment centrifuges spinning out of control in Natanz to set back Iranian nuclear ambitions. It’s whatever is going on between the Pentagon and Pyongyang these days, between corporate America and organized crime.

FBI Director James Comey last week drew headlines for conceding stomach distress that he might have turned the presidential election. But in the same testimony to a Senate committee, he talked about botnets.

“These are the zombie armies of computers that have been taken over by criminals lashed together in order to do tremendous harm to innocent people,” he said.

“Last month, the FBI working with our partners with the Spanish national police took down a botnet called the Kelihos botnet and locked up the Russian hacker behind that botnet, who made a mistake that Russian criminals sometimes make of leaving Russia and visiting the beautiful city of Barcelona. And he’s now in jail in Spain and the good people’s computers who had been lashed to that zombie army have now been freed from it and are no longer part of a huge criminal enterprise.”

Zombie armies? Jeez. But again, in the end, the cops beat the robbers.

That’s little solace to people who fall prey to the endless scams. Identities get stolen. Accounts get looted. Intimate pictures get spilled onto the internet, as hard to remove as pee from a swimming pool.

But we’re getting smarter. Passwords such as “password” are being replaced with “P@$w3rd” or better. You know not to use words from the dictionary or the same password everywhere, right? Or you’ve begun using a password manager, which, I promise, is both safer and easier than what you’re probably doing now.

And you’ve learned lessons from this fake Google Docs attack. For instance, Google Docs doesn’t ask a user to provide access to "Google Docs." So if you get asked, the answer is no. For nearly everything online, think twice and err toward caution.

But you didn’t click through, did you?

This story was originally published May 8, 2017 at 7:00 AM with the headline "Digital Life: It’ll be harder phishing for suckers next time."