A Phish Tale

Teradata Employee

Like any endeavor, data science requires some specific behaviors as well as behaviors that can be applicable to anything. One of these days I’ll write about some more specifics, but today I feel prompted to talk about two more general behaviors and/or attitudes.


First, avoid jumping to conclusions and acting on those conclusions after only seeing a small part of the data – there may be additional data that changes everything.


And second, your social channels can be very beneficial to you in sometimes surprising ways.


That’s it. If you believe you have these already grokked, then you don’t need to read any further. I’m going to relate a non-data science example that illustrates these, but still tie back to data science.


First, a little background to set the scene. Teradata has been undertaking a huge transformation over the last few years touching all corners of the company. Supporting a primary focus on business outcomes, Teradata has released a series of new products and recently announced the Teradata Analytic Platform, having 4D Analytics capabilities, a foundational component of Teradata Everywhere: a flexible, agile and scalable way to ensure a high return on analytic investments, available in the cloud with the freedom to change deployment environments as business needs evolve. It’s an exciting time to be working for Teradata.


The transformation has also involved both organizational and process changes. Internally we’re using some new systems for tracking “things” and more internal changes have been announced. Last week, human resources sent out a note about our new personnel review process that we’d be seeing in the next few weeks.


Yesterday, while working at my desk, surrounded by this atmosphere of change, I saw a ghost email appear and fade in the lower right corner of my screen. The topic line said, “Your employee evaluation has been updated” and my mind immediately remembered the note from HR and the fact that I’d recently started reporting to a different manager. I kept working a little longer, wanting to finish what I was doing, and the ghost mail appeared and faded again.


When I popped over to Outlook to read my mail, I saw a short paragraph referring to a new initiative and telling me that my supervisor had uploaded my evaluation. It asked me to log in to our secure portal using my Teradata username and password. And by now all of you in the theatre are yelling at the screen, “don’t do it you **bleep**” and “it’s a trap you idiot”. And when I logged in, I discovered I was and it was.


The good news is it was a site created by our own IT’s phishing prevention group, so I’m relieved that nothing really serious happened because of it. But had it been a real phish something serious could have happened, and I’m still ashamed that I fell for it.


I had jumped to an immediate conclusion about that email just from seeing the ghost image. Given our current environment and my particular expectation that I’d soon be getting into a new review process, I already believed the email was legitimate even before I ever opened it and actually read it. And I just didn’t see the many clues that it was not legitimate sprinkled throughout the email.


As I implied earlier, that’s the kind of thing to guard against in data science: drawing conclusions too rapidly from a small sample of data and closing your mind to the possibility that your conclusions might be wrong. That lack of flexibility could lead down a long analytic path and a dead end.


I also felt annoyed at first. It didn’t seem fair. I’ve been good at this. I’ve caught numerous test phish and real phish over the years and forwarded them all to IT. But this time IT sent a fake phish as a test with content closely matching what employees are experiencing. And that’s the point. It was perfect. Any phisherman with any knowledge of what was happening in the company would have sent an email just like that to reel somebody in.


But I’d have avoided it completely if I had just checked my safety net.


We have an internal chat app with multiple channels that fires up automatically when my laptop boots and keeps an icon in my tray at the bottom of the screen. When new messages are posted, a little red number appears in the icon.


By the time my ghost phish appeared, my task completed, and I jumped into Outlook, my chat icon had begun glowing. After I made my phishing mistake, I clicked on the chat icon and found at least 6 posts about a phishing email complete with the identical screen print of the one I had just clicked through. A few posts later it was confirmed as an IT test that generated a “Good Job!” message if you caught it and sent it to IT. One of the posters even linked a phishing presentation that included our test email nearly verbatim on one of its last slides: http://thehumanfirewall.org/wp-content/uploads/2016/11/HMSDC-Building-the-Human-Firewall-2016-BW.pdf . A few other posters admitted to getting caught as well.


Sometimes when you least expect it, a social channel will be addressing an issue you’re currently grappling with – and, as always, an active search or posted question can get you specific help.


Both your daily life and data science life can benefit from not jumping to conclusions and keeping connected to your social channels, but there is one more takeaway from all this.


We all make mistakes, but “no harm, no foul” really isn’t good enough. Own your mistakes. Feel bad about them as appropriate, but don’t let them take over your identity. Fix whatever needs fixing. And above all, learn from them, really learn from them.


Now I need to return a note to a guy from Chad who needs help moving some money out of his country.