Got Caught with a Phishing Attack

Yesterday I received an e-mail from what I thought was my e-mail provider telling me I needed to change my password. It is something that happens every year or so. It really should be more frequent but I never look forward to changing passwords and am happy with the current frequency. I put off changing my e-mail password yesterday and decided to give it a try today.

First of all, the e-mail looked like it came from my service provider, which is to say it looked plain and simple. I clicked on the link and entered my current password. I immediately saw an invalid-password message. I entered my old password again with the same result. At this point I went back to the e-mail and realized someone was just looking to get my e-mail password. I felt like a fool.

Fortunately I realized within 30 seconds what was happening and immediately changed my e-mail password. I had to change it in my mail client for both incoming and outgoing messages. This caused very little disruption but I still felt bad for something I should have been able to prevent.

There is a rule we should all follow when an e-mail asks us to log into a system. That rule is to type in the URL of the site asking you to log in and not just click on the e-mail link. I didn't do that and now I can never use that password again for e-mail. I probably should never use it for anything. That is too bad because I liked it and doubt anyone would have guessed it even though I had an easy time remembering it. 

Is it Really Hacking?

I have a son living in Armenia. He has been there for about 18 months and will be done with his assignment, ready to return in August. When he comes back he will be enrolling in the University and will begin classes in September. In order to get him ready for class, my wife has access to his e-mail account. The University is starting to send him information now and my wife wants to make sure everything is taken care of and he is ready to go. My son is relying on my wife to help with some of these tasks and is glad my wife can get into his e-mail. Is this considered "Hacking his e-mail?" I don't think so.

My son is in Armenia with a number of other American young men and women. The parents (mostly the mothers) of these kids sort of have a support group that remains in constant contact with one another. They even go to lunch on a monthly basis. Every Monday we get an e-mail from our son telling us how his week has gone. The parents in this support group also get e-mails from their children and then there is a flurry of e-mail exchanges that take place between the parents so we get an idea of how things are going for others. If any of those expected e-mails to the parents are late, there is a mass of group texting among the mothers to see who has received an e-mail and who hasn't. Sometimes e-mail servers are down and it takes an extra hour or two for messages to get through.

This past Monday happened to be President's day and it also happened that some of the e-mails were delayed. I got to listen to my wife's phone get group text message after message. I asked her what was going on and she explained about the frantic worries of mothers that had not heard from their kids. We got a letter from our son and so I knew there wasn't some sort of terrorist attack or massive earthquake over there. Eventually the mothers started calming down once they were able to "hack their kids' e-mail." They all have the passwords to their children's e-mail accounts. So they logged in and checked the "Sent" folder. Sure enough, the messages had been sent, just not yet received. I had to laugh at the term used by all of the mothers: hacked e-mail.

So that leads me to my question: Is it really hacking? Again, if you have your child's permission to log into his or her e-mail account and also have the password, I don't think it is hacking. It is more like "logging in." Perhaps I am being a bit too literal. What do you think?