During a speaker dinner the other week, a lot of topics were swirling around and a few caught my ear. One of these topics dovetailed nicely with a mistake I recently made. More on that later.
The discussion was on the effect on safety that all the new safety-based tech is having on driving. Some features are a net positive, like airbags and seat belts. Of course, they, too, have a slight negative. Before seat belts, most drivers were much more cautious and less likely to drive super fast (there are always counter-examples!)
While it is true that safety technologies like the Tesla Auto Pilot and Self Driving features (not to mention simpler versions like the simple lane-keeping system that is part of the broader Co-Pilot system from Ford that I have on my vehicle) saves us when we get distracted. However, such features may also facilitate such distractions as habits where you often take your eyes off the main job when there is a steering wheel in front of you. Overall, though, looking at the data from the insurance companies (the ones that failures in traffic safety costs the most money before they pass it on to you and me, of course), it seems that this isn't the case.
No, this is not a driving advice blog
Note I said" overall." Overall can mean something is very helpful in 90% of the cases and 10% unhelpful. This is where my mistake comes into the story. It has nothing to do with driving safety, but rather email safety. 90% or more of the phishing attempts that come in are caught by the email filters (and well over 98% of the stuff caught by those filters are evil attempts to get me to click on it and start a chain reaction that brings down my organization or life.)
But the ones that slip through are the worrisome ones, especially when the spammer does an adequate job of being evil. A few days ago, I got such a message. I opened it, I scanned it, I checked the links, and wasn't sure. In my checks, did I click on the link?
Of course not. In fact, I rarely, if ever, use email links to go to a site I work with, much less ones I need clarification on unless I just requested a link. I can't believe you even thought such things. But the lack of it being caught by the safety system made me think it was possibly, perhaps even probably real.
So I forwarded it to someone and asked. And that right there was my mistake—forwarding possibly evil content to another person to see what they do. Now I forwarded it to someone who would also know better, but what should I have done? Either ask the person I needed to without forwarding the (I wasn't sure if we used a particular service) or send my question to the group that handles this sort of thing and let them deal with it. (Again, not forwarding the email itself!)
The moral of the story
The moral of the story? Don’t let safety checks lull you into a false sense of security. Security software, like driving assistance tools, are assistants, not absolutely right all the time. In fact, all non-strict security, like email scanning, is just like the automobile tech that helps nudge you back on course, with a little assistance.
All it takes is to open, click, and download without using all your brains, and then real trouble may occur. This is true whether you are using your company email system, computer, or phone, where you probably also have access to company resources.
What is the saddest part of this blog is that it must really work well, because phishing has been going on almost as long as Phish has.