Cy-BOO!-Security Awareness Month Competition Winning Entries

Posted by Selina Coen on Tue, Nov 28th, 2023

As the Halloween decorations are packed away, cyber threats and phishing continue to case shadow over our digital world. Beyond the thrill of spooky tales, the real fear of cyberattacks persists. On a daily basis, over 4,000 new cyber threats emerge; a relentless onslaught that knows no seasonal pause. Even more distressing is that a company succumbs to ransomware every 14 seconds! 

In our quest for the most spine-tingling cybersecurity tale, we hosted a Cy-BOO!-Security Awareness Month Competition where participants shared their scariest encounters with online threats. People from all corners of the digital world shared their stories, aiming to win the title for the most hair-raising narrative.
 

Cy-BOO!-Security Awareness Month Competition 

From a collection of bone-chilling submissions, one story emerged victorious. It stood out for its chilling depiction of navigating the dangers of cybersecurity. Get ready as we unveil the winning story that captured the essence of digital fear and sent shivers down our spines.

Competition Winner: Babatunde Onabajo

"I might as well have been on the planet Mars when I first tried to navigate my way around cPanel, a very popular web hosting control panel software. Terms like “DNS” and “Subdomains” were as foreign to me as utterances from ET as I started my programming journey working on the startup I intended to start from my flat in Central London. 

As I navigated through the interface like the Mars rover treading through the rocky, red terrain of the mysterious planet, one of the buttons that stood out to me was the “Visitors” button. Needless to say, the “Visitors” button would inspire butterflies in anyone’s stomach: the thought of having your website used by others to solve a problem they have is a cause for excitement. And even though the website did not yet have a high rank as far as “search engine optimisation” goes – another term that I had to learn – it did seem to attract quite a few visitors. Only that these visitors were not human visitors as I had first thought. No, they were automated visitors by bots that unscrupulous people from around the world had built. 

This was not apparent at first. But as I pored over the Visitors logs, what stood out to me was that some of these pages didn’t exist at all or would have unusual characters in the links. Careful not to click on them directly, I explored them more through Google and was astonished to learn from several community forums that these were all automated exploits. One of the most common that I encountered was called an “XML-RPC” attack, which seems to be a vulnerability associated with WordPress – I thanked my lucky stars that the website was entirely custom-made and not based on WordPress – and there was another that I read about which, even just clicking the link could potentially cause your device to be hijacked. 

As I dug deeper into these mysterious links, I became increasingly aware of the number of bad actors that were out there trying to threaten people’s cybersecurity and online safety. Even though the website was still new in the cyberworld, it was just as much a target as a website belonging to a government or a large corporation such as Microsoft. The lesson I learned from this is that cybersecurity is not just something that the “big guys” need to think about; it should be at the forefront of everyone’s minds whenever they spend time on the beautiful thing that is the internet."

Runner up: Jacob

"When I first started my professional working career I was alongside another executive and we both got an email from our 'CEO' telling us that we needed to go and buy $100 in iTunes vouchers (this was 2018) for staff prizes and to keep it a secret. I replied with a couple of questions and said I’ll do it. Stood up to go and luckily my manager asked where I was going and knew straight away it was a scam. Because I pressed the links in the email a couple of days later my mouse started moving accessing files! Quickly shutdown my laptop and told IT."

The scary stories we've heard from the digital world aren't just tales—they're warnings about the real dangers lurking in cyberspace. They show us how important it is to be proactive in protecting ourselves from cyberattacks. This means having strong cybersecurity in place for any business. With cyber threats everywhere, keeping your data safe is crucial.

These cyber stories underscore the alarming rise in phishing and Business Email Compromise (BEC) attacks, which continue to pose significant risks:

• Phishing attacks account for 36% of all US data breaches.
• An overwhelming 83% of companies experience a phishing attack each year.  
• The Internet Crime Complaint Center (IC3) report shows that the cost of phishing in 2022 was $2.7 billion in the US alone.
• On average, each phishing attack costs corporations a massive $4.91 million.

If you want to strengthen your defense against cyber threats and avoid your own cyber horror story, we invite you to explore a free PhishTitan demo.

PhishTitan is an AI-driven advanced phishing protection solution for companies using Microsoft 365. PhishTitan natively integrates into M365, augmenting EOP and Defender by catching and remediating sophisticated phishing attacks that Microsoft misses.

PhishTitans' multiple layers of analysis and detection methods, offer unbeatable anti-phishing accuracy for zero-day attacks, with minimal false positive results. The solution provides comprehensive 360-degree coverage by utilizing secure email gateways, scanning both internal and external emails within M365, providing unbeatable phishing protection.