There's one born every minute

AccountingWEB.co.uk editor John Stokdyk thought he was a tech-savvy guy, until 2.05pm today.

"Do as I say, don't do as I do" has been my motto for a working life in the media for more than two decades. A little episode that occurred in my post-lunch email in-tray brought home to me the underlying hypocracy of my little private joke.

One of my most regular rituals as an online editor and technology expert has been to issue frequent warns about security dangers and the need for robust, rigourous systems for protecting your systems and information. Yet my personal data management routines would make a GCSE-level ICT student blanch (it's OK folks, I have people back at HQ to look after that sort of thing for me).

When it comes to security, I take pride in having survived just a few minor skirmishes with malware infections and I'm pretty good at following the usual advice:

• Run anti-virus software and update it regularly
• Use a dependable firewall - in my case built into office router, with the default password changed
• Turn off unneccessary system utilities and routines (see Symantec & Sophos sites, or review the IT Zone library and our Security page for more detailed advice); and most important of all:
• Never open dubious attachments or unfamiliar web addresses - especially ones from HMRC, PayPal, eBay, banks and other official-sounding organisations. If possible, get your IT people to set your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

Coming back from lunch, though, I noticed the following direct message from one of my Twitter chums:

Edwardtudor: haha. This you???? http://fake.url/PyJS

Absent-mindedly clicking the link to see what he had to say, I was pulled up short by my browser, which announced in big white-on-red writing:

Reported Web Forgery!

This web site at twitter.login.dingbat.co.uk has been reported as a web forgery and has been blocked based on your security preferences.

Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.

Entering any information on this web page may result in identity theft or other fraud

I dropped by poor old Ed's Twitter page to let him know that I think his account had been hacked, I discovered that he already knew: "This you???? I did not send this DM I last sent a Tweet on Tuesday !!!!"

In this instance no harm came of the phishing attempt, but it's a timely reminder to always be suspicious about any form of unsolicited or unexpected content (typically 90%-plus of the average email in-try). Embarrassing as my little slip has been, at least I have noticed from other recent posts elsewhere on the site that accountants too occasionaly neglect to follow their own financial advice.

Maybe the time has come to give up my little double standard for Lent and practice what I preach. I'll promise to do so if you do too!