Phishing can be effective

Have you ever gotten an email that looks real but feels wrong, an email trying to get you to click a link in the body of the message? It may have been a phishing attack, and that sort of thing is becoming more and more common.

Fish, which sounds like phish, and has nothing to do with phishing

A typical phishing attack email is a message that tells you that there’s something wrong with one of your online accounts and that you need to click a link and log in right away to do something. That’s the kind of message that tricked John Podesta, the chairman of Hillary Clinton’s presidential election campaign. He got a message saying there was some problem with his gmail account, he clicked the link, got something that probably looked like the gmail login page, and he typed in his username and password. But the message wasn’t from gmail, and the login page didn’t belong to google. Unknown to him at the time, Podesta had just handed over his gmail credentials to criminals who then logged on to his gmail account, downloaded copies of his email, and published them on wikileaks.

That motherboard article shows a screen shot of a similar phishing message sent to someone else on Clinton’s campaign. The message told the staffer that someone had just logged on to his account from the Ukraine, and that he needs to use the link in the email to change his password immediately.

email messages like that prey on our fears, and they work well. If you get an email like that, don’t click anything in the message. Go to gmail (or whatever) via a bookmark or a web search or by typing the address yourself. Then log in and check on your account, changing the password if you need to.

Sometimes phishing messages try to appeal to emotions other than fear. The holiday season sees lots of phishing messages claiming to be from Fedex or UPS telling people to click a link to  track a package. Other effective phishing attacks ask the victim to click a link to make a charitable donation right after a natural disaster.

If you need more evidence of how effective these attacks are, remember that the Target breach happened because someone fell for a phishing attack, or read about how the city of El Paso lost $3.3 million in a phishing scam.

The main character in your story might want to use phishing to take over someone’s email. It’s the kind of thing your readers will find plausible, because they’ve probably heard lots of stories of that happening. They may have even experienced it themselves.

Photo credit to Ching for Fish, Creative Commons.

Being a sysadmin is not sexy (part 1)

A sysadmin is someone whose job is the care and feeding of one or more servers (sysadmins frequently look after several servers). This is a job which is mostly boring (day-to-day stuff) but which is occasionally terrifying (when something unexpectedly stops working). There’s often not a lot in between those two things. If you are writing a story with a character who does this kind of work, don’t portray them as someone whose job is constant excitement, because no one will believe that.

A sysadmin’s celebrity among the non-technology people in the organization is often inversely proportional to how well she does her job. If this sysadmin is effective at her work, people tend not to know who she is. If that sysadmin is not good at her job, many people tend to know her name. This is a job where anonymity can be desirable.

Servers tend to run server applications (also known as services), which can be all kinds of things:

  1. A server might run an application commonly called a web server (Apache and Microsoft’s IIS are popular web servers). You typically interact with this service through your web browser.
  2. A server might be a file server. If you’ve ever used the “map a network drive” feature, then you’ve downloaded files from (or uploaded files to) a file server.
  3. If your organization runs a centralized accounting system, then that accounting system likely runs as a service on one or more servers. You might interact with this service through a desktop application or even a sophisticated web-based interface.
  4. email is another good example of a high-profile server application. Although users interact with email through a single desktop application (like Outlook), email usually happens by way of a pair of services: one for sending and receiving email (to and from other email servers), and one for retrieving email messages from the server to the desktop application.

A single server might run several different services.

Ideally a server and its server applications run smoothly and don’t need a lot of help beyond ordinary maintenance. This is the relatively tedious part of the job:

  • The server requires backups, which are frequently automated processes.
  • If the sysadmin manages a complicated application running on a server, that application may have many users. As people come and go, there’s a lot of giving this new person access to that, taking away that person’s access because they left, etc.
  • The server and its applications often have upgrades become available. This is a never-ending chore. It’s not uncommon for the organization to schedule a maintenance period during which the services will not be available to users. This is called “downtime,” and it is unpopular with users. The sysadmins use this time to apply the updates. This is typically routine, but can be stressful, because it can be difficult to recover from a failed upgrade (this may require restoring data and/or the operating system from a backup). These maintenance periods are commonly at night, over a weekend, or even during a holiday, which is not a fun time for the sysadmin to have to work.

In the next post we’ll look at what happens when things don’t go smoothly.