Today's Gmail Hacking Installment: Protect Your Friends, Too!


As I reported in last month's chronicle of a hacking attack, my wife's Gmail account was taken over a few months ago; all of her correspondence, photos, records, etc. from a six-year stretch was zeroed out; and she has spent much of her time since then dealing with the consequences.

And, as I have mentioned, oh, a few million times by now, if you don't want this to happen to you, you will:
   (a) start using Gmail's "two-step" authentication system;
   (b) make sure that any account that matters to you has its own unique password, one that you've never used on any other site; plus
   (c) consider backing up your "cloud" data locally, for instance using Eudora, Thunderbird, or any other email handler to copy your online archives onto your own hard disk. Details on these and other fronts in the posts collected here.

But wait, there's more! You can also help other users. A little while ago, this message showed up in my wife's Gmail inbox, having made its way past the normal spam filters (screenshot in the original post):


The obvious point is: this is a phishing message, and a crude one at that, which you shouldn't reply to. Duh. The less obvious point is that you should use the "Report Phishing" button on Gmail, which comes up as part of the "Reply" menu, rather than just deleting this and moving on.

Why does this matter? For reasons of scale, nearly all of the spam-filtering and fraud-detection efforts by Gmail or other systems are "algorithmic." That is, they're based on automatic scanning of messages to match their contents to known fraudulent patterns. It's a matter of probabilities, which is why the filters aren't perfect. Some new forms of spam are cleverly enough prepared to escape the automatic matching; some "real" messages use enough suspect words or patterns to get trapped or flagged.

So the fine-tuning depends heavily on judgments by real, human users, who start flagging messages as spam, or retrieving them as "not spam." Each of those decisions sends a signal back to Google's (or another company's) algorithms -- and the signal gets extra weight, since it reflects a human judgment of where an algorithm has failed. These are the counterparts of "Like" or "Share" or "+1" signals in social media, and in this case they can quickly shift detection to a pattern the algorithms would have taken longer to catch up with.
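To make the feedback loop concrete, here is an added illustration, not from the original post and not Gmail's actual algorithm: a toy word-probability filter in which a human "Report Phishing" click is counted as several automatic observations. The naive-Bayes scoring, the weight of 5, the 0.9 flagging threshold and all sample messages are assumptions constructed for the example.

```python
from collections import Counter

REPORT_WEIGHT = 5   # assumption: one human report counts as five automatic observations
FLAG_AT = 0.9       # assumption: messages scoring at or above this are flagged

class FeedbackFilter:
    def __init__(self):
        self.counts = {"phish": Counter(), "ham": Counter()}
        self.docs = {"phish": 0, "ham": 0}

    def learn(self, text, label, weight=1):
        # Record each distinct word once per message, scaled by the signal's weight.
        for tok in set(text.lower().split()):
            self.counts[label][tok] += weight
        self.docs[label] += weight

    def score(self, text):
        """Estimated probability that text is phishing (naive Bayes, add-one smoothing)."""
        odds = (self.docs["phish"] + 1) / (self.docs["ham"] + 1)
        for tok in set(text.lower().split()):
            p = (self.counts["phish"][tok] + 1) / (self.docs["phish"] + 2)
            h = (self.counts["ham"][tok] + 1) / (self.docs["ham"] + 2)
            odds *= p / h
        return odds / (1 + odds)

def run_demo(report_weight):
    """Score a look-alike lure before and after one report of the original lure."""
    f = FeedbackFilter()
    # Constructed training messages: what the filter already knows.
    for m in ["verify your bank password now", "your account is suspended click here",
              "claim your prize click now"]:
        f.learn(m, "phish")
    for m in ["lunch on friday", "photos from the trip attached", "meeting notes attached"]:
        f.learn(m, "ham")
    variant = "mailbox quota warning confirm today"   # a later, reworded copy of the lure
    before = f.score(variant)                         # unseen wording: filter is undecided
    f.learn("mailbox quota exceeded confirm details", "phish", report_weight)
    return before, f.score(variant), f.score("lunch on friday")

if __name__ == "__main__":
    for w in (1, REPORT_WEIGHT):
        before, after, ham = run_demo(w)
        print(f"weight={w}: lure {before:.2f} -> {after:.2f} "
              f"(flagged: {after >= FLAG_AT}), ordinary mail {ham:.2f}")
```

With the report counted at ordinary weight the reworded lure still slips under the threshold; counted at the higher weight, a single report is enough to flag it while ordinary mail stays well below.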

The easiest way to handle an obviously fraudulent message is just to delete it. But if you spend two more seconds to click the "Report Phishing" button, you can reduce the likelihood that you or anyone else will see a similar message again. As our friends at the TSA would put it, If you see something, say (or click) something.
James Fallows is a national correspondent for The Atlantic and has written for the magazine since the late 1970s. He has reported extensively from outside the United States and once worked as President Carter's chief speechwriter. His latest book is China Airborne.