Joe and Mike — A Security Awareness story

Horatiu Petrescu, CISSP | GSEC
Sep 19, 2021
This is the story of Joe and Mike

Joe’s a tech-savvy person. He’s been working in IT since college and prides himself on embracing all that modern society has to offer — including technology at our fingertips.

One day Joe was browsing the Internet in search of a new shirt. He has a date next week with someone he really likes and wants to look his best.

One of the stores he was looking at presents him with a pop-up:

“Every penny counts,” Joe says to himself while typing his details into the form.

Joe likes a bargain so he takes advantage of every chance he can to save some money. He’s saving up to buy his first home and every $10 saved brings him closer to the property ladder.

Joe is also a wise and experienced buyer; he knows that some deals don’t last long. So he subscribes to online stores to get the latest deals in his inbox every day. He checks out all the newest deals every morning while sipping his double shot latte. Saving money is as easy as pie to Joe; sometimes even he can’t believe his luck with some deals.

He knows a lot of stores have good discounts if he subscribes to their club membership. So he has around two dozen VIP and club memberships across a wide range of stores.

Joe prides himself on being efficient with his online habits. When he’s buying something from an online store he makes sure to save his credit card details into his account. This saves Joe from having to fill in the payment info every time he buys something online. After all, time is money.

We all know how annoying it is to reach for your wallet, get the card out, fat-finger the details at least once.

Joe uses every chance he can to win a free gift. He knows they’re not scams: one of his good friends won a trip to Fiji last year just by entering their details.

You’d be crazy to pass up this chance to win, right?

One of Joe’s colleagues, Mike, doesn’t see eye to eye with him when it comes to using today’s technology.

Mike’s credit card details were stolen a few years ago and if it weren’t for the bank’s security policy, he would have lost more than $20,000. Like Joe, Mike is also saving money for a home and that would have been a huge blow. He found out that his card details ended up on the dark web after an online store he was using ended up in a breach. He lost a few days just by talking to the bank, filling forms for a new card and then updating his payment details with the new credit card information. He had a few sleepless nights as well before the bank confirmed that the money was recovered.

He’s been a little paranoid ever since about his online habits and even started learning a bit about Cyber security and using a password manager. He sometimes reads news about Cyber crimes. On slow days he daydreams and wonders if it’s too late to start a career in this field.

Mike now thinks twice before subscribing to a newsletter, trading his details for a $20 voucher or a chance to win a toaster. And he never EVER saves his card info into any of his online store accounts. He knows his way of doing things is not the most convenient or efficient. But the scare he got years ago when his card got stolen keeps popping up in his mind before clicking “Subscribe” or “Checkout”. Whenever he can he opts for checking out as guest instead of creating another online account.

Mike and Joe are good mates, they go out for beers after work and play online games when they’re not busy. When Mike sees Joe’s online habits he’s always telling him “Dude, you’re gonna get hacked like me one day if you keep spreading your personal details all over the Internet”. Joe doesn’t mind the lecture, he’s chill and answers him with the same line every time: “Soooo you’re saying you don’t like free stuff? You’re just paranoid because you were one of the unlucky 20,000 who got their card details stolen in the ACME hack”. Annoyed that the hack stigma is still undermining his good Cyber habits credibility to this day, Mike tries to convince him one last time: “Joe, you seriously haven’t heard that nothing’s free? Or that if something’s free you’re the product?” Joe, keeping his cool, reassures Mike — “Listen, I know you’re concerned about me but I know what I’m doing ok? Trust me.”

Months later Mike IMs Joe a link to a news article, following up with “I think you should really have a look at this”. A big online store which Joe uses often, shirtsshirtsshirts.com, was hacked 2 weeks ago, and 45,000 users’ billing information has been stolen. Joe thanks Mike and carries on with his tasks for the day. Later that night he checks his bank account out of curiosity and finds out that he’s missing close to $2,000 from his account. He starts sweating a bit, trying to remember if he’s made any big payment that he might have forgotten about. He doesn’t find anything to show that. He goes to bed, thinking about where to start the next day, what to do first. He doesn’t sleep very well.

The next day at work Mike walks up to Joe and asks if they’re still going out for a beer later. Joe replies “I’m a bit busy with some urgent stuff” while he’s googling “what to do if you get hacked”. Mike asks “Are you ok, did something happen?” Joe says that everything’s fine, he just needs to sort out an urgent issue with the bank. Mike can’t help noticing Joe’s googling and pushes on with “Hey look, you know you can ask for my help for anything, right? I’m always happy to help, no judgement I promise.” Joe turns to Mike and admits that he’s embarrassed about what happened to him, and asks Mike if he can help out. In a flash of pride, Mike has half a mind to say “I told you so”, but he holds back, remembering how he felt years back when this happened to him. “Come on, let’s see when you last used your card online and call the bank. I’ve been through this, it’s gonna be ok.”

Are you Joe or are you Mike? Or maybe a bit of both.

Moral of the story:

Stop and think twice before giving away your personal and financial details. Consider the trade-off between convenience and security — every website you enter your details on is a +1 to your online risk rating.

Keep your online risk rating low by following a few tips:

  • Whenever possible, use Guest Checkout instead of creating a new account
  • If you have to create an account, create a unique, long and strong password using a password manager
  • Don’t save your card details into your online account
  • Use multi-factor authentication (MFA) on your accounts whenever possible
  • If you know and practice good security, don’t be a smart ass. Kindness and empathy help those in need a lot more.
