The vice president got phished, are you next?

Problem is becoming a national epidemic, and no one is immune


America got mail last weekend, about 30 emails, according to reports. They were written as recently as last year by then-Gov. Mike Pence and sent from his personal AOL account. While this is a political story, it is not about politics. It’s about a nationwide problem.

Adam Levin, chairman and co-founder of Credit.com and CyberScout (formerly IDT911)

The emails, released to the Indianapolis Star in response to a public records request, include state business. The revelation is that Pence used his private email account to conduct business—an account we now know categorically was not secure from the prying eyes of hackers since, per various reports, it sent out emails saying Pence had been robbed overseas and was in need of money to get back home, a classic email scam you’ve no doubt heard of.

Pence’s email problems

The emails released by the Indy Star were addressed to Pence’s chief of staff and also his homeland security officer. As such, they open a window into Pence’s tenure as governor where there shouldn’t be one. Emails discussed political issues—like the resettlement of Syrian refugees—and other sensitive matters.

The news immediately resulted in public parades of schadenfreude on the left. After all, former Secretary of State Hillary Clinton arguably lost the election because of the same issue. But while there is plenty to make fun of here, there really is very little in the way of relevance between the two email stories.

While there have been more detailed tales of the tape between the two stories, you only need to know that former Secretary of State Clinton did something that, while legal, was strongly discouraged by her employer, the State Department, and what Pence did was under no such strictures—a sentiment Pence and his press secretary echoed in statements to the press. (Pence could not be reached for comment by Credit.com.)

What you have in common with Pence, Clinton

This latest email snafu is about control, but not over the flow of information, secrets or privileged access to information. It’s actually about an alarming lack of control. That lack of control has to be laid at the feet of information security experts who are tasked with keeping us safe.

We can do amazing things in the realm of coding, but somehow a fix to the phishing pandemic continues to elude us. The main reason for this is at least understandable: It’s a crime that preys on human nature—something that can’t be (reliably) coded.

Vice President Pence did what millions of us do every day. He clicked on a link in a phishing email, the victim of garden-variety social engineering. In doing so, he did us a favor, though it’s doubtful he will get much credit for it. He highlighted an area where our nation needs to do way more. Phishing is a national epidemic, and we all need to worry about it. If leaders of the free world can fall for this scam, so can you.

What’s phishing? How can I avoid it?

Phishing emails spoof legitimate companies or contacts in an attempt to get the recipient to click on a fraudster’s link. As I wrote about in my book, Swiped, you probably can spot a phishing email in your sleep, and you would no sooner click on a link in an email about suspicious activity on your bank account than you would leave your wallet in a crosswalk in Times Square.

However, best practices often fly out the window when it comes to salacious material about our favorite celebrities. Think about it this way: As you wander in the darker alleys and backstreets of the internet, where the risks should outweigh all other considerations, are you willing to forgo sensible web behavior when the likely outcome will be catastrophic?

The main threat is malware. You can expect it to wind up on your computer if you decide to search the less safe parts of the internet for material that was never meant for your eyes anyway.

It may be something simple, like code that turns your computer into a spam distribution center, or a more serious app that will record your keystrokes (including when you log in to your bank, email, social networking, brokerage accounts, or the gubernatorial back office). There’s no way to know what you’re getting yourself into. The best course of action is to use your imagination—or possibly even your sense of what should be off-limits. Malware leads to identity theft and worse.

If you tend to chase breaking news stories and like to download the ephemera related to them (eyewitness photographs, blog posts), you might want to do a malware scan of your computer.

As a matter of fact, this kind of scanning should be a part of your habit of monitoring your various points of contact with the outside world—your attackable surface—regularly for signs of intrusion. (You can also monitor two of your free credit scores for foul play every two weeks on Credit.com.)

The lack of cybersecurity acumen manifested in the phishing of a governor should serve as a cautionary tale for everyone. Unless you are never off your guard, it’s highly likely that you will get scammed. The solution to the phishing pandemic is nowhere in sight. Be careful because the light at the end of the tunnel could well be the headlight of a bullet train.

Full disclosure: CyberScout sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.
