So you get an email from someone you know well enough. It contains only a link to a website. It takes just an unthinking moment to click on it to find out what it is that your good buddy wants to show you. Open it and kapow. You'll soon be feeling like a dummy.
Three sorts of dummy, actually. The one in a dunce's hat. The one that has an unseen hand reaching through an unpleasant route deep into its innards. And potentially the one that's atop the bonfire of what used to be your identity and your finances.
Phishers, as not quite all of us know, are scammers who make contact with us under disguised identities to get useful information like our passwords or user names - and through that, our money.
After the latest attack at the weekend, thousands of New Zealanders have been slyly invited to allow malware into their systems. And so it goes.
Late last month Trade Me was targeted by phishers who sent mails asking users to click a link to cancel the purchase of a barbecue they had bought. This one was further proof, if it was needed, that gone are the days when you could tell a scam from the bad Nigerian English and the cheap amateurism of the sites. The bogus Trade Me mail contained standard information you would expect from an automated response.
Let that serve as a reminder that, quite apart from making sure you are on the trademe.co.nz site and none other, you should never provide your user name or passwords by email, or enter information into forms within email messages.
The scale of the phishing problem, and scamming in general, can be tricky to pin down. A good overview comes from NetSafe, the website run in partnership with Government agencies, which recorded more than 1500 "cyber incident" reports on Online Reporting Button at theorb.org.nz for a total of about $1 million.
All the while the old "PC doctor" scam is still around, while some of the biggest losses recorded by Kiwis of late have been through romance and online dating scams.
Please make sure you don't have an easily predictable password. Remember that banks never contact you with a request that would disclose your pin number or account password. Inland Revenue never makes contact because it's concerned about you not having claimed an entitlement. "We are not that generous," assured Minister Peter Dunne, after being sent a fake one himself.
- The Marlborough Express