In December 2019 I gave up some identifying information in a phishing scam. They had obtained an MIT student's email credentials and were using the account to pose as somebody looking for a pet sitter for their two new puppies. Unfortunately, I sent them a photo of my MIT ID before realizing that something seemed off. I fell for their attempt for a few reasons:
- I hadn't received any spam emails from an @mit.edu address before, so my defenses were down.
- They were offering a good amount of money for the job, something that I don't have a lot of as a graduate student. (Note: If it seems too good to be true, it probably is.)
- I had just finished my first finals as an MIT student and was feeling some combination of invincible and brain-dead.
- I love dogs.
Now, of course, they are using my ID photo to perpetuate the scam and trick other unsuspecting shmucks. If you are one of those shmucks, you've come to the right place! I'm hoping that this page will help anybody wise enough to google my name before sharing their own identifying information. For the record, I am a graduate student, not a professor, auditor, or any other profession. I am not looking for a pet sitter, personal assistant, or any other hireling. If somebody contacts you posing as me, immediately alert your organization's IT department so that they can block the sender and warn others of the attempt.
I'm not ashamed to share that I got phished because I believe that these scams are growing more sophisticated and could happen to anyone. If you're interested in this type of thing, this great Reply All episode shows how easy it can be to pull off a phishing scam as the hosts phish their own boss. I hope that by sharing my experience here I can help prevent others from falling for the same trap.