Editorial: Considering Cybersecurity at Every Level | AIChE

Editorial: Considering Cybersecurity at Every Level

Editorial, February 2025

Emily Petruzzelli, Editor-in-Chief

Last month, I received a suspicious text message from my “bank,” alerting me to fraudulent activity on a credit card that I seldom used. The text instructed me to call a phone number to verify whether a foreign transaction was legitimate. Ever wary of phishing scams, I deleted the text message and moved on.

Later that week, I received an email with the concerning headline: Security Alert: Unusual Activity Detected on Your Mastercard Account. The email instructed me to click a button if the transaction was indeed fraudulent. However, the bank’s logo in the email appeared to be low-res, the fonts were unusually small, and the spacing of the text was haphazard. Those factors triggered mental alarm bells. “Wow,” I thought, “two phishing scams in one week!”

A few weeks later, I received a letter via snail mail. My credit card had indeed been used for fraudulent activity overseas and was now deactivated. Those “phishing attempts” were, in fact, legitimate warnings from my bank.

If you are like me, you’ve had dozens of phishing encounters over the past few years. These emails and text messages appear to be from a legitimate sender like a bank, but are actually sent by fraudsters attempting to trick you into giving away confidential information. Phishing attacks have become so commonplace that it’s difficult to discern what’s legitimate and what’s not.

AIChE staff receive cybersecurity trainings each year to help us better identify phishing attempts. The prime piece of advice that I’ve learned from these trainings is to avoid taking immediate action — like clicking a link or inputting a password. When in doubt, do some digging (e.g., by calling your bank directly) before blindly following instructions in the suspicious email.

The article, “Building a Holistic OT Cybersecurity Program” (pp. 30–36) by Tim Gale, details a few cybersecurity considerations that keep industrial facilities secure. Although cybersecurity in a chemical plant has much higher stakes than the security of my banking information, many of the basic strategies for keeping these systems secure are the same. For example, Gale emphasizes the use of multi-factor authentication to secure remote access. The author calls on industrial facilities to implement engineering-based measures, using principles of cyber-informed engineering, to deter cyber-intrusion and ensure quicker recovery after cyberattacks.

Such protective measures cannot come soon enough. Last September, Reuters reported that U.S. utilities faced a 70% jump in cyberattacks in 2024 compared to the previous year. Power infrastructure systems are becoming increasingly vulnerable as the grid expands to meet surging demand driven by the uptick in electric cars and data centers. And utility attacks are not just a problem in the U.S. In early 2024, a municipal energy company in Ukraine experienced a malware attack that sabotaged the heating systems in 600 apartment buildings in Lviv. This malware, known as FrostyGoop, sent Modbus commands to manipulate and modify devices used for heating control. The attack left thousands of people without heat in subzero temperatures for two days.

As the sophistication of cyberattacks advances and our lives become increasingly digitalized, the vigilance we apply to protecting our personal accounts and critical infrastructure must also improve. Cybersecurity is not just a technical challenge — it’s a collective responsibility that demands our attention and innovation.
