The other day, I was taking a nap and received a phone call. Groggy and annoyed, I answered the phone, and was greeted with a very legitimate-sounding automated message telling me that my Master Card has been locked, and I needed to take action. I immediately hung up, because I wanted to continue my sleeping and I can always deal with a machine later at my own convenience.

It wasn’t until after I woke up that I realized that I hadn’t even considered that I don’t have a Master Card. The call came at about 5:30 PM, after business hours. I checked the caller ID, but it was blank. It seems that someone had tried to phish my information. I wonder, if I had been a bit less cranky, and if I’d owned the card in question, would I, in my semi-conscious state, have followed the machine’s instructions and given whatever information it asked for?

I’d like to take this opportunity to inform the account holders that I will never ask for your password, unless you contact me, asking me to change it for you (and then, I will take steps to ensure that it really is you). As the administrator, I┬áhave the ability to conduct whatever maintenance tasks need to be done, without logging into your account. Further, the appropriate ways to access services (including the way to change your password) are fully documented, so that there is no reason to fall for phishing sites. I jealously guard my server’s security, and will take immediate action upon any suspicious activity, but you should still be vigilant about guarding your login information; irreversible damage may be done to your data before I can catch it.