Articles on Social Engineering

Below are my perspectives on social engineering, drawn from my work as a security leader and practitioner.

• Privacy Unemployment Insurance Fraud and Identity Theft: Up Close and Personal
  Scammers are using stolen personal information to file fraudulent unemployment claims, opening bank accounts in victims' names to receive payments. Victims typically discover the fraud when they...
• Authentication Cybersecurity Advice for Political Campaigns
  Political campaigns face attacks from cybercriminals and nation-state actors who steal credentials, intercept communications, and exploit weak IT configurations. Countermeasures include enabling...
• Social Engineering Scammers Use Breached Personal Details to Persuade Victims
  Scammers include personal details from data breaches—such as passwords or phone numbers—in fraudulent messages to "prove" they have compromising information about their victims. These mass-mailed...
• Social Engineering Misleading Trademark Registration Invoices and Scams
  Misleading trademark registration "invoices" solicit fees for private registry listings that provide little value, while appearing to be official government bills. These schemes have operated for...
• Social Engineering How to Send Customer Emails That Don't Look Like Phishing
  Many legitimate business emails look indistinguishable from phishing attempts, training customers to accept fraudulent messages. Secure customer messages should avoid deep links, come from validated...
• Networking A Close Look at PayPal Overpayment Scams That Target Craigslist Sellers
  PayPal overpayment scams target Craigslist sellers using fake payment notifications that ask victims to wire funds to a third-party "pickup agent." Scammers craft stories about working in rural areas...