Articles on Social Engineering
Below are my perspectives on Social Engineering, drawn from my work as a security leader and practitioner.
- Deception: Plant Decoy Personas to Detect Impersonation Attacks
  Decoy personas extend honeytoken thinking to user accounts and public profiles. The technique gives defenders a tripwire on the identity surface that other detection layers don't cover.
- Privacy: Unemployment Insurance Fraud and Identity Theft: Up Close and Personal
  Criminals can file unemployment claims in your name using stolen data, and a credit freeze won't stop them. The warning signs are subtle, and reporting the fraud helps even though clearing your name...
- Authentication: Cybersecurity Advice for Political Campaigns
  Short-lived political campaigns rarely build formal security programs and often assume they're too small to attract serious attackers, but campaigns across the United States have been targeted by...
- Social Engineering: Scammers Use Breached Personal Details to Persuade Victims
  Scammers include personal details from data breaches—such as passwords or phone numbers—in fraudulent messages to "prove" they have compromising information about their victims. These mass-mailed...
- Social Engineering: Misleading Trademark Registration Invoices and Scams
  Misleading trademark registration "invoices" solicit fees for private registry listings that provide little value, while appearing to be official government bills. These schemes have operated for...
- Social Engineering: How to Send Customer Emails That Don't Look Like Phishing
  Customer emails that look like phishing weaken the recipient's ability to distinguish real messages from fraud. Secure customer email must shift the burden from the recipient's eye to authentication...