Threats 101
Ryan Harnedy
Oct 2016

Help Desk Horror Stories: Choose Your Own IT Security Adventure

Photo by Derek Bruff

Hello Boys and Ghouls,

With Halloween just around the corner we thought it would be just SPOOKtacular to share some tastefully terrifying tales of user behavior gone DEAD wrong! So sit back, relax, and get ready for a GHOULISHLY good time as we present:

Help Desk Horror Stories! (Choose Your Own Adventure Edition)

Story #1: Night of the Bad URL

It's a dark and stormy mid-afternoon. Sally from Sales receives an email that looks like it’s from a prospect asking for a quote. In order to proceed, it asks her to click on a link that goes to a form from their purchasing department.

Time to choose your own adventure! What does Sally do?

Option #1: She clicks on the link.

Sally is overcome with joy about a new potential sale. She clicks on the link, without checking the URL, which then downloads ransomware onto her computer.

She files a ticket with you after she realizes she can't open any of her files, but waits till the end of the day to do it. You spend another evening working late, wiping and restoring her machine and making sure the ransomware didn't spread. Your significant other isn't pleased.

Option #2: She double-checks the URL destination and notices it's suspicious.

Sally hovers over the link before she clicks on it. She sees that the URL actually directs to a strange-looking site that doesn't match the company, so she reports it to you immediately. The next morning you and Sally get coffee and strengthen the collaborative bond between Sales and IT. They're also giving out free donuts. This is really shaping up to be your week. 

Story #2: I Know What Password You Didn't Change Last Summer

It's the year of the "mega breach" and you catch wind of another major hack involving a social media network everyone in the office likely uses. You decide to write to everyone alerting them of the breach and suggesting they change their passwords, especially if they use that password for other accounts. And most especially if they use that password for their work accounts, too. 

You're primarily concerned about Mel from Marketing. You've already had to talk with him about leaving his password stuck to a post-it note on his monitor. You decide to give him an extra nudge and bring it up to him in person.  

Time to choose your own adventure! What does Mel do?

Option #1: Mel is tired and decides remembering more than one password is too hard.

 A criminal who buys access to the stolen passwords from the data breach is now able to crack into Mel's email because he was using the same password. The crook sends out a wave of phishing emails to everyone on Mel's contacts list. Four different people at the company receive and fall for the email, which infects them with ransomware, steals their passwords, and kick-starts the cycle all over again. 

All the stuff you thought you were going to get done this week gets backburnered. 

Option #2: Mel changes his password.

Mel realizes if his password was exposed in the breach he is making not only himself but the company vulernable, too. He remembers the advice you gave and uses a secret sentence to create a powerful, unique new password. Mel thanks you for sending that helpful IT security email and for being so proactive. 

Story #3: It Came from an Invoice!

Fiona in Finance gets an invoice from what must be a new vendor. She downloads the attachment and tries to open it, but Microsoft Word says she needs to enable macros. 

Choose your own adventure time! What does Fiona do?

Option #1: Fiona enables macros.

 Enabling macros allows malware hidden in the Word document to spring into action and download a ransomware payload. Fiona suspects something is wrong when her files have a strange new extension, but she decides she’ll report it as soon as she gets back from a week-long vacation. She honestly doesn’t have time to deal with the hassle or questions.

Meanwhile, while she’s gone, the ransomware spreads across a shared network drive and ravages the office. Every day for two weeks someone new gets infected and you have to re-image their computer. Your boss asks you if it’s gone and you say yes, then you get hit again, and again...and again!

Option #2: Fiona closes the document and reports it to you.

Fiona remembers the training you gave on reporting documents that ask you to enable macros. You had shown a real example that looked just like what she saw. She closes out the document and forwards it to you.

You respond by thanking Fiona and, later on, you give her the "Most Cyber Aware" award at the monthly company meeting. You show everyone the document message that Fiona responded to and encourage everyone else to report anything suspicious, too.

Story #4: The Supervisor Only Asks Once

Administrative Adam gets an email from someone he thinks is his boss, Executive Ellen, asking him to initiate a wire transfer to a vendor right away because it's an account that's past due.

Choose your own adventure! What does Adam do?

Option #1: Adam sends the money.

Adam sends the money right away without thinking, because he doesn't want to upset the boss. When it becomes clear that the email was a BEC attack Adam panics and blames IT for not providing strong enough security. You spend the next month conducting security awareness training sessions.

Option #2: Adam confirms the request with his boss. 

Adam knows, because of helpful materials you shared with him, that wire transfers or any other sensitive requests that are out of the ordinary should be scrutinized and confirmed in-person or over the phone. He checks with his boss who says she never sent that email.

You and Adam laugh about it over lunch, which you actually get to eat because you're not delivering security training.

Story #5: The Horror from Beyond the Board Deck!

Executive Elena has noticed some weird file extensions on her personal computer, but she’s been too busy to look into it. She needs to update her board presentation, but the latest version is on one of the company’s network shares.

One more time: choose your own adventure! What does Elena do?

Option #1: Elena gets access to the network share.

 The ransomware running on Elena's computer winds up infecting the entire drive. You spend the rest of the week trying to rollback all of the network shares. Some crucial finance data is lost forever.

Option #2: Elena brings in her computer for you to check it out.

Elena realizes that if something weird is happening on her computer IT can help. She brings it over to the help desk where you discover the ransomware and are able to contain the infection. Elena is so pleased by how you handled the situation she nominates you for employee of the month. Enjoy your plaque!

Now Time to Get Real

These situations may have all been ficticious, but the truth is you do have two very real options to choose from when it comes to your company's security:

Option #1: Count on your users making all the right decisions.

(I think we know where this path leads.)

Option #2: Plan ahead for them making mistakes.

Smart choice! We built Barkly to help by providing you with strong endpoint protection that blocks ransomware and other malware before it does any damage. By analyzing systems processes and program behavior, it's able to stop the types of cyber attacks that sneak past antivirus. 

Learn more about how it works here.

Or you could always put things off. Ransomware likes to wait ;-)


Ryan Harnedy

Ryan Harnedy

Ryan writes about how to make cybersecurity make sense to end users and keep employees safe from ransomware, malware, and phishing attacks. He enjoys decoding buzzwords and sharing security tips that users might actually follow.


Close the gaps in your security

Stop paying for AV, get the strongest protection instead. See how Barkly blocks attacks that are getting past AV.

See a demo


Stay informed!

Get the latest security news, tips, and trends straight to your inbox.

Stay informed!

Get the latest security news, tips, and trends straight to your inbox.