by MaryBeth Smith
Recently, many members of our community have received suspicious emails, known as “phishing.” In one, the sender purported to be in search of a Feldenkrais® teacher to teach two Functional Integration® lessons a week to a celebrity client over an eight-week period. The friendly email concluded with a request for more information about you and your qualifications, and the hope that you could help her client.
WHAT’S GOING ON?
Countless bad actors around the world employ automated “bots” to harvest or “scrape” email addresses from public sources, such as websites, online directories, and social networking platforms. They then send messages to those addresses, with one goal: to obtain your personal information, which they can use to steal your identity, access your bank accounts, file false tax returns in your name, or carry out any number of other nightmarish scenarios. Via links (DO NOT click on them), they can install malware or viruses on your computer or phone to steal your information with an added dose of hassle and misery. According to tripwire.com, an internet-security information website, phishing attempts increased nearly 41% during 2018. We are experiencing the latest generation of old scams; remember the well-known “Nigerian prince” who needs your assistance to launder several million dollars? Scammers are more sophisticated now, and upgrades in technology make it easy for them to run their operations on sheer volume. Have you kept pace? Are you safe online?
GOOD NEWS/BAD NEWS
The good news is — we, as Feldenkrais Practitioners, have raised the profile of the Feldenkrais Method® of somatic education in the public sphere. This is good for individual practitioners, because members of the general public can more easily find us and experience the Feldenkrais Method through our classes and lessons. We need the exposure for the growth of our private practices, which then sustains the Feldenkrais Method.
The bad news is, with more visibility comes more exposure to threats. While large businesses have an expert cyber-security team (or individual) in-house to deal with attacks on a consistent basis, solo practitioners often lack the time, experience, or expertise to keep up with what’s going on and how best to protect themselves. It’s wise to give your intelligent awareness and attention to your own online security. Scams range in severity along a spectrum from simple time-wasters to catastrophes that involve your finances or your reputation. If you know what you’re doing, you can protect yourself, and the impact will be minimal.
LEARN A NEW HABIT
Denver-based IT Developer and Feldenkrais® enthusiast Geoff Smith is a regular presenter on the topic of internet security for individuals and community organizations. He says, “Security is something you practice, not something you can be. As we learn and adapt to new attacks, the bad guys develop new techniques to thwart our efforts.” Smith’s recommendation? “Set aside some time regularly to brush up on current best practices, and put them into effect intentionally.”
THE THREE EASIEST THINGS YOU CAN DO
The best place to start is by informing yourself. You are reading this article, which is a good beginning. We’ve included links to more suggested articles at the end of this one. Beyond that, here are some easy next steps:
1. Use common sense. A message may come “out-of-the-blue” to your email inbox, or increasingly, via text message. Sometimes they will even use your website’s contact form or your online scheduling tool, although these channels are rarely used because they are harder to automate. The scammers are playing a volume game, and want to work as efficiently as possible to find as many naïve victims as possible. Let your gut be your guide. Ask yourself the following questions:
- Do you know this person?
- If not, do they name a referral source?
- Are there grammatical inconsistencies or sloppy misspellings?
- Is there an appeal to greed (the opportunity to make a lot of money in an unusual way) or ego (celebrity client, recognition, exclusivity)?
- Are they asking for personal information?
- Are they proposing an unconventional or complicated financial arrangement for payment?
- Does something just seem “off” to you?
- REMEMBER: Sometimes, the best thing to do is NOTHING. You are always safe if you ignore the email and do not respond. Simply delete it and move on with your day. If you do respond, do not give any personal information, account numbers, birth dates, and the like, and do not click on any links. You can end the relationship at any time before you click or give your information.
Another phishing attempt, which frequently arrives via Facebook Messenger, is a video link, purportedly from someone in your friends list. You share a connection online, but you are not in regular contact with them. The only message is, “I was shocked to see you in this video,” “Is this you?” or similar “bait.” Don’t fall for it. Your friend’s profile was hacked, and is being used to scam others.
2. Passwords, passwords, passwords. Geoff Smith echoes others in the field in recommending that you use a password manager app or program. “A password manager will generate a different password across various services, so you never re-use them,” he says. Geoff continues, “If you use the same password for everything, once the scammers have one password, they can basically access all your accounts. This simple precaution [using a password manager] stops them at the entry point to your online life.” It is well worth the small investment of time, money, and your learning curve.
3. Use Two-Factor authentication (or MFA, Multi-Factor Authentication) whenever possible. The way this works is this: when you log into one account, they send you a code via a text message (or other channel of your choosing), which you then enter as part of your log-in. Geoff explains, “If you are phished, the attacker only has access to that one account; since they do not have access to your phone (or whatever your second factor is), they can’t get in.”
We conclude with some links to information that will give you a short course in personal online security. Bookmark them for future reference. Inform yourself, use common sense, put simple systems in place. With a reasonable amount of caution, it’s possible to be successful and safe using online tools and social networks to promote your practice.
SUGGESTED LINKS ABOUT SCAMS, PHISHING, AND ONLINE SECURITY BEST PRACTICES
While there is some overlap between articles, each one provides another dimension to the topic. If you are new to all of this, go slowly. Some repetition is useful. We don’t advise devouring all of this information in one sitting, so take it easy, keep breathing, and notice your constraints. The potential for improvement is limitless.
Advice from the US Federal Trade Commission (FTC) if you receive an email from a commercial account (Netflix, a bank, etc.)
The American Massage Therapy Association offered these guidelines to its members in the article, “Protect Your Massage Therapy Practice from Scams.”
Common phishing scams (infographic, via tripwire.com)
Sometimes, phishing emails look like they come from a legitimate company with whom you have an account, for example PayPal, Costco, or your bank. Check out “7 Ways to Recognize A Phishing Email: Email Phishing Examples.”
Pour yourself a cup of coffee, or perhaps something stronger. You’ll need it while you learn about all the bad things here.