Phishing Paranoia Doesn’t Fall Far from the Tree: A True Story
The lessons promoted in the security training and awareness world can show up in surprising places in your personal life. Exhibit A: This true story.
The email from my mom came in at 8:20 at night.
“Excellent sensible article” was the subject.
The only thing in the email was a single link:
It was sent to about 15 recipients, some of whom I regularly see on emails from my mom, some unknown to me.
If I had seen it first, I would have immediately replied to everyone on the email, telling them not to click the link. My next step would have been phoning my mom to ask if she actually sent this email. (We can argue about my sequence, sure, but I’ve seen this one play out enough that I would have erred on the side of this path.)
Conrad to the Rescue
I actually didn’t see the email until the next day since I had turned my devices down for the evening.
But my 27-year-old son Conrad pounced on it right away—he replied all:
“Do not open this link – likely spam.”
Dang, I was impressed! Either he had some good training at his company, or he’d been listening to Dad’s phishing paranoia after all.
Ever the excessively literal explainer—hey, I’m in security awareness!—I followed up with this email reply-all:
“Good eye, Conrad! An unusual-looking link, sent by someone familiar to you but without any other signs of their usual communication and sent to a lot of people, is a good sign that the user’s account has been hacked.
I’m deleting the message too.”
And Mom Learns Too
And then I called my mom.
Turns out it really was her sending the email with an article she really did want to share.
But we had a great talk about how you can provide contextual clues in your email (so your paranoid son and grandson don’t delete it) and also how you can get to the root of a link to share an article from a reputable source (instead of a sketchy-looking Facebook link).
All around, this was a great family cybersecurity bonding experience—and a good example of the ways we can all take a few moments to share what we know with our friends and family, making the world a little more cybersecure every day.
Aw hell, I had to wipe a tear from my eye. That’s what I get for being an awareness nerd.