In New York magazine’s the Cut, the writer Charlotte Cowles has offered up a memoiristic account of being scammed out of $50,000. It’s a humbling tale made all the more mortifying because Cowles, who personally handed her scammers fat stacks of cash in a taped-up shoe box, is the financial advice columnist for the magazine. Lord have mercy.
As Cowles tells it, the scam was a feat of human manipulation. An unknown cadre of perps managed to keep her on the phone for hours on end, first pretending to be representatives of Amazon (Amazon’s website: “Amazon will never call you.”), then transferring her to the U.S. Federal Trade Commission (the FTC’s website: “If someone says they’re calling from the FTC and then demands money—for ANY reason—or demands your personal or financial information, that’s a scam.”). Soon enough, she was on the line with a “CIA agent” purporting to investigate a wide-ranging conspiracy involving money laundering, drug trafficking, and blood-filled trucks at the Southern border (the CIA’s website: “Please DO NOT give your personal information to anyone on a dating site claiming to be a CIA officer.” OK, maybe that one is not germane to Cowles.)
The scammers told Cowles that some other scammers stole her identity and used it to open 22 separate bank accounts, buy countless vehicles and properties, and wire $3 million to Iraq and Jamaica. There were warrants out for her arrest in two different states for cybercrimes, money laundering, and drug trafficking.
What had Cowles—supposedly, according to the scammers—done to compromise her information and identity, and to require their urgent “help”? In the course of their discussions, the faux-CIA agent asked Cowles if she “had ever used public public or unsecured Wi-Fi:
“I don’t know. Maybe?” I said. “I used the airport Wi-Fi recently.”
“Ah,” he said. “That’s unfortunate. It’s how many of these breaches start.” I was embarrassed, like I’d left my fly unzipped. How could I have been so thoughtless? But also — didn’t everyone use the airport Wi-Fi?
Of course, the whole story the scammers told her is ridiculous. Whether or not Cowles is correct in her assertions that handing over $50,000 in a shoe box could happen to anyone is up for debate. But she’s right that we could all at least use her tale as an occasion to learn something. In true financial advice columnist form, she published a service piece alongside the essay with tips on protecting yourself.
There’s a question she doesn’t get at: Is it plausible that someone could steal your identity if you use public Wi-Fi? I’m admittedly writing this very article from a neighborhood coffee shop!
The reality is that Cowles and I—and you, scrolling as you wait for your next flight—are probably safe. “Using public Wi-Fi is as safe as any other Wi-Fi, as long as you follow best practices,” says Katie Moussouris, the founder and CEO of Luta Security. Use unique passwords stored in a password manager, use multifactor authentication, and keep your devices updated. (Seriously, use a password manager.) “Every layer of defense protects your information wherever you go,” says Moussouris.
Chester Wisniewski, director and global field CTO at the security company Sophos, agrees. “If you keep your devices up to date and use unique passwords for every site, you are unlikely to encounter safety issues online,” Wisniewski says. “If you enable multifactor and don’t respond to suspicious texts and emails, you are nearly bulletproof.”
As it turns out, concerns about using public Wi-Fi networks are outdated given the encryption standards of the modern internet. So what changed this? Edward Snowden.
“When the allegations about the NSA vacuuming up all of our information emerged in 2013, we began to encrypt everything online including our websites, chat applications, and phone apps,” Wisniewski told me. “By 2019 over 90 percent of the web was encrypted and it is very close to 100 percent for most Americans today.”
Cowles made mistake after mistake in her high-pressure phone calls with her scammers. Many of her missteps, in addition to being fueled by the intense fear that the scammers successfully instilled in her, have to do with her hurried misunderstanding of how federal law enforcement works, and how corporate customer support works. Her understanding of cybersecurity was’t exactly wrong; it was just outdated. Cowles, as it turns out, was too worried about getting hacked—and not worried enough about getting scammed.
