Amazon was curious, and with good reason: My wife had never before flown to Jakarta, Indonesia, and attempted to buy an audio book, so was this really her?
The request was made in an email, and it looked legit. It had genuine amazon.com email addresses, not amaz0n.biz or support-amizon.com.
But we all know that the scammers are ingenious. They can cloud the minds of mortal men in strange ways, hide their real email addresses, spoof their origin. They’re like crooks who dress up as the mailman and come to the door with a genuine mail bag, the cap and everything, with a white van out in the street, and ask you to sign for a package. The dog hates him; must be real. Sign here? So you sign, not knowing you’re transferring the title of your house.
I stared at the email as if it were a bomb. Ignore the email, and Amazon figures, “Well, we tried, we’re going to let this guy in Jakarta order Prince Harry’s book,” and the guy in Jakarta shouts: “Yes! Finally, a firsthand account of palace intrigue and the chilly, dysfunctional interpersonal machinations of the royal family, narrated by one who knows!”
But if I click on the link to investigate, then the email launches a secret program that burrows into my wife’s browser, steals all her passwords, installs a keystroke reader that sends everything she types into a Russian database and emails offers of Mexican Viagra to everyone she’s ever met, starting with her kindergarten class.
So what can I do? I suppose I could set up a burner account on another computer, one that has no access to any information, then use a Virtual Private Network to pretend I’m actually in Amsterdam, and I’ll use the WiFi at the coffee shop so they can’t inject a virus into our router, take control of the smart lights and turn them off and on remotely just to taunt us.
Why? Because prudent behavior online is indistinguishable now from clinical paranoia.
I figured it was a scam. So I changed the password on her account, but not by clicking on any link. I made sure to block the screen from the window, in case anyone was in the back yard with night-vision goggles. There were no signs of any break-in on her account, although I’m not sure what that would look like. Perhaps if you go to a page selling nightstands, the pictures show them tipped over with the drawers pulled out.
About an hour later, I received a text from Amazon, noting that someone had logged into my account from Illinois.
Sigh. I google this to see if it’s legit. No one knows! I found only page after page of people who want to know if this is real. The general mood is like the Titanic an hour after it hit the berg — confusion and concern, but no panic.
Amazon itself seemed unwilling to say if it was real or fake, because sometimes it was, but someone might be using their notification format to fool you. It’s a scammy world out there, you know. Be careful!
Yes. I know. That’s why I have multi-part identification, so when I log in they send a code to my phone which converts it to a telegram that is delivered to a secret location (which rotates hourly) that I take to the Swiss Consulate, and say, “The magpie flies at midnight,” whereupon they give me a special coin I place in a gumball machine at the airport, which spits out eight-sided dice whose numbers I total up, divide by pi, then enter in my phone. And this is just to log into the grocery store app.
I thought the Amazon text was peculiar, because I hadn’t logged in. I was watching “Columbo” on Prime at the time, which was 9:22 p.m. “See, that’s what’s bothering me,” as the great detective might have said. “You said you were watching the show since 8 p.m., but the text says you logged in at 9:22. I just wonder how that’s possible. You see why that bothers me.”
If I were the guilty murderer becoming increasingly annoyed by the detective, I would have said, “I remember now. I mistakenly clicked the window closed when I thought I was closing another program and had to log back in.” Whereupon Columbo would smile and say, “Ah, well, there you are. Clears it up. Thank you for your time, sorry to bother you.”
But then he’d stop at the door. “One more thing. If your IP is Minneapolis — and we checked, it was — why did the text say Illinois?”
Good question. I signed into Amazon and changed my password, which instantly generated a text that said my account information was being accessed by a browser in Illinois. So either my internet provider had bought one of those cheap throw-your-voice things they used to sell in comic books and was routing me through Illinois, or everything had been compromised.
“That’s it,” I said. “I’m going to restart the router, burn the house down, and salt the earth.” I must have had the Alexa unit on, because I started getting ads for salt on every website I visited. Terrifying at first, but you know, those were really good prices.
email@example.com • 612-673-7858 • Twitter: @Lileks • facebook.com/james.lileks