May the Fourth: Security Lessons from The Mandalorian

The Star Wars series provides good examples that we can use as lessons to combat scammers attempting to profit from COVID-19, writes Tyler Reguly.

• By Tyler Reguly
• May 04, 2020

As part of my day job, I work around the clock on the second Tuesday of every month to provide our customers with the latest details on Microsoft vulnerabilities. This cycle, which I’ve maintained since 2006, occasionally interferes with real life – causing me to miss concerts, musicals, and TV premieres. Nov. 12, 2019 was a memorable one because friends were messaging me all day about the premiere of "The Mandalorian" on Disney+. The first thing I did when I woke up on the 13th was put on the episode. The only word that came to mind as I watched the episode was perfection.

Over the eight episodes of season one, the entire world was enamored with the series. Baby Yoda was a huge hit, with everyone wanting to get their hands on Baby Yoda merch before Christmas. Sure, Baby Yoda was cute and all, but I loved the space western vibe. For me, the series was everything I wanted out of Firefly but in the Star Wars universe. It also preached the ongoing message of Star Wars… a message that seems more important than ever right now – a message that we all need a little help sometimes.

This sentiment isn’t new. Lennon and McCartney penned "With a Little Help from My Friends" for Ringo Starr to sing on The Beatles’ eighth album. While it is an iconic Beatles song, for my generation Joe Cocker made the song famous. So many people know it as “The Wonder Years song” and, honestly, it gives me chills every time I hear it. The underlying sentiment is often forgotten, but it’s all about getting through a rough time with help from your friends.

Right now, the world is in disarray – we’re experiencing that “rough time.” We’re facing a situation with the COVID-19 pandemic that many of us never thought we’d experience. Unemployment rates are high, there are lines for grocery stores and entertainment that involves leaving your home is a thing of the past. People are scared and panicking. We’re all seeing our mental health impacted, we’re all questioning if there’s a light at the end of the tunnel, we’re all nervous to find out what tomorrow will bring.

Sadly, that fear is as good as blood in the water. It brings out all the sharks. We’re seeing a spike in phishing attacks and security issues, particularly in communication and collaboration applications. Unfortunately, our fear is cause to celebrate for the criminals that prey on the innocent. A panicked single parent waiting on their stimulus check in the United States, an out-of-work retail employee awaiting their CERB payment in Canada or an individual new to Universal Credit in the UK. These are all prime targets for phishers and other scammers.

I think The Mandalorian provides a lot of good examples that we can use as lessons to help combat these scammers and other technology related issues that we encounter as we learn to live and work in a COVID-19 world. This May the Fourth, let’s take a look at a few of them.

Spoiler alert: The rest of this article discusses plot details of The Mandalorian, so if you haven’t seen it and don’t want to be spoiled, this is your warning!

Let’s start with pride. We could get biblical here and say, “Pride goeth before destruction.” I think, though, that the Mandalorian, who we’ll call by his nickname “Mando” for the remainder of this article, better encapsulates this value. If you’ve seen the series, you know that time and time again Mando needs help. It’s actually a great example of the concept of an urban legend, he has a reputation as a powerful lone wolf, but he is constantly helped by others. Every time he comes close to failing, someone bails him out. Often, asking for help initially, would have saved him time and made life easier for everyone. For example, Mando would have been in hot water if the rest of the Mandalorians hadn’t made themselves known to save him from the other bounty hunters. Although, as the series evolves, so does he, and eventually he does ask for some help.

Recently, a relative fell for a tech support scam again. She reached out to ask us about it after she had given them her credit card details, while they had remote access to her computer. These are the stories that we hear all too often – people asking for help after it’s too late. It’s important to take a beat and not act impulsively. Mando didn’t have to charge in to save Baby Yoda after seeing the discarded bassinet, he could have come up with a plan and asked for help… he could have confirmed what he was getting into. This is what people need to do with they get a pop-up, a text message, or a phone call. Your ISP is never going to contact you and say, “We detected a virus on your computer, please visit this website and provide your credit card details so we can remove the virus.” Think about what you’re getting into, consider the possibilities, ask for help.

That puts a lot of onus on us in the tech industry as well. We’re famous for making jokes about foolish friends and family asking for help or outright refusing to help them. At a time like this, when people are inundated with scams, we need to help them out, answer questions and provide guidance. I regularly get Facebook messages asking me to confirm emails or text messages, asking if URLs look questionable. This is a positive. It shows that people want help and we should make it as easy as possible for people to get our help right now.

In order for people to put aside their pride and ask for help, they need to realize they need help. They need to recognize that something isn’t quite right. You’ve heard of the sniff test? Well, this is the perfect time to apply it. When something smell’s fishy, it probably is. If we revisit the Star Wars universe’s latest hero, we can talk about episode six, where Mando teams up with mercenaries he knows from his past to help with a prison break. He is initially cautious, but after getting double crossed, his suspicion increases. When the episode ends, we realize that the mission didn’t quite pass the sniff test and he has scammed the scammer. While it’s not expected that everyone scam the scammer, it’s good to know when something doesn’t smell right and you need to walk away.

A friend realized last month that an email they got didn’t sit quite right with them. It was an email from “Canada Post”, but on closer inspection the email address was canada.post.ca@icloud.com and not a canadapost.ca email address. The linked website was a .ru domain, typically not a domain associated with crown corporations in Canada (or really any legitimate business in North America). The gist of the email was that a package could not be delivered and they required a $2.00 fee for redelivery. This was all explained with very broken English. The website contained one of the sketchiest, laziest credit card input forms that I’ve ever seen. Thankfully, because the email and website didn’t pass the sniff test, my friend reached out and she was saved from any issues that might have popped up. Whether you call it situational awareness, common sense, or anything else you want, remember that thinking about risks and going with your instincts can really save you.

Finally, let’s step away from scams, and talk about communication. We’re relying more and more on technology to communicate. Software like Microsoft Teams and Zoom are keeping us connected at work and families are relying more and more on Facebook Messenger and Facetime. My niece and nephew have been video calling my wife and I, and I just spoke to my mom the other day and heard that she got a wakeup call from my sister and other niece that morning. Technologies that were only really associated with younger generations are now being used by everyone.

Along with increased usage comes increased risks. We’ve heard about security risks in the software we’re using and Zoom Bombing on open video sessions. Many of the issues that we hear about could be avoided with intelligent use of the tools we’ve been given. Some issues are with the software and we must be diligent about updating as fixes become available, but we also need to know and understand our tools. When the Armorer makes Whistling Birds for Mando, although he is familiar with them, she still provides a warning. We need to heed the warnings that come with technology, to realize that a piece of video conferencing software is a tad more complex than a blow dryer or an impact driver.

When the Jawas strip Mando’s ship, he refers to it as destroyed; the technology overwhelms him. The older, wiser Kuill points out that it is not destroyed and that it can be repaired with the parts. The entirety of episode 2 looks at the dismantling of the ship, the recovery of the parts, and the rebuild process. Sure, plenty of other things happen, but this is the movement of the technology. For Mando, with his limited understanding things look hopeless, but Kuill sees a light at the end of the tunnel; he sees a way to make the technology do what they need it to do. Not everyone is going to be an expert with technology, so it may seem like it’s impossible to secure a conversation or ensure your privacy. There are ways to make things work better and to limit your risk. You just need to understand your tools. If this is outside of your wheelhouse, then loop back to where we started… just ask for help.

The Mandalorian was great for a number of reasons, and if you’re stuck in quarantine and haven’t watched it, it’s worth spending a day to binge it. If you don’t see the lessons I’m describing, hopefully I’ve at least described them well enough to make a point.

The only way that we’re going to beat the scammers and use technology to get through these dark times is if we work together and lend a helping hand. Don’t be afraid to ask for help or an explanation, plenty of people are looking for ways to contribute and would be glad to lend a hand.