Detached From The Attachments

In spite of all the times I emphasize to everyone within earshot to stop sending me plain vanilla e-mails containing URLs to click on, my friends, relatives, students – they all do it. The volunteer members of a Board I served on finally got my message and added personal notes to e-mails so their recipients could verify the origin, but they still attached the main body of the e-mail as a doc file when it could have been as easily included in the body of the letter. Even that only lasted for a few months and then they went back to sending e-mails with titles like “Latest update,” and a body that consisted totally of something like, “Attached is the results of our latest work for you. Please open and comment. Your friend.”

Maybe it’s me. I told a group of senior clients that I added a bogus name to my Contacts such that it would bounce back to me if anyone sent a message to that address. This simple technique can alert me if my Contacts list has been compromised by some malware. They thought that was a clever thing, and since it didn’t cost anything, they would try something like it. Checking back later, none of them had.

Again, maybe it’s me, but simply adopting a rule that I will never open an attachment or click on an e-mailed URL is unacceptable. If I had adopted such a rule, I would have missed the timeless elegance and humanity of this contrasted with the timeliness and wit of this. (You’re on your own here – click on them or not. See below for a hint of what they are.)

Subscribers to most news sources are routinely warned to avoid e-mails that promise you nude pictures of Paris Hilton, official looking warnings from the FBI, anonymous “I love you” messages from secret admirers, or messages from any bank asking you to confirm your account information. Yet on your birthday, should you open those e-mail cards that have a lot of nonsensical letters and numbers following the “Click here” plea?

The truly peculiar thing is that phishing scams must work because there are so many of them. The people who do it would get less risky, honest jobs if they paid better. Have you ever quarantined and dissected a virus or other malware? A lot of thought goes into them.

Well, this whole rant was provoked by a spate of well-meaning e-mail messages coming from clients (among others) who did not follow any common sense precautions. When I get a long doc file attached from someone who hasn’t alerted me that it was coming, I have to decide whether to take the time to confirm it is valid, ignore it with all the pain that can cause, or trust my protective software to fumigate it in a timely fashion.

As to the last option, my philosophy is protective software should be a safety measure roughly like a seatbelt. It should only come into operation when other things have failed – such as a tire blowing out. It’s always nice to have at least one untested barricade between you and the wolves.

So I will continue to advise students and others to avoid unnecessarily attaching doc files. (Note: I am not just picking on doc files. Other types can be even more dangerous. Images and especially screen savers can be problems. However, I think many most people attach or receive doc files routinely.) Either put the text in the letter or convert it to txt or rtf before attaching. I will suggest they make titles personal, and include some idiosyncratic information in the body of the letter.

My site contributions: the first unknown URL above is the magical mystical tour through Chernobyl by motorcycle. It should be required viewing for all school children. The second is a witty response to Christo’s New York adventure. That doesn’t mean you are safe by clicking on them. It just means that is what I say about them. I accept no responsibility whatsoever for anything.

For more in-depth tips on tutoring seniors, see the complete tutorial here. I also have posted a tutorial on elementary decision theory for those who might question a physician’s diagnosis (important for seniors) or anti-terrorist activities (important for everyone) but haven’t had the framework to analyze the data. That tutorial can be found here.