Articles on Social Engineering
Below are my perspectives on Social Engineering, drawn from my work as a security leader and practitioner.
- [Deception] Plant Decoy Personas to Detect Impersonation Attacks. Decoy personas extend honeytoken thinking to user accounts and public profiles. The technique gives defenders a tripwire on the identity surface that other detection layers don't cover.
- [Privacy] Unemployment Insurance Fraud and Identity Theft: Up Close and Personal. Scammers are using stolen personal information to file fraudulent unemployment claims, opening bank accounts in victims' names to receive payments. Victims typically discover the fraud when they...
- [Authentication] Cybersecurity Advice for Political Campaigns. Short-lived political campaigns rarely build formal security programs and often assume they're too small to attract serious attackers, but campaigns across the United States have been targeted by...
- [Social Engineering] Scammers Use Breached Personal Details to Persuade Victims. Scammers include personal details from data breaches—such as passwords or phone numbers—in fraudulent messages to "prove" they have compromising information about their victims. These mass-mailed...
- [Social Engineering] Misleading Trademark Registration Invoices and Scams. Misleading trademark registration "invoices" solicit fees for private registry listings that provide little value, while appearing to be official government bills. These schemes have operated for...
- [Social Engineering] How to Send Customer Emails That Don't Look Like Phishing. Customer emails that look like phishing weaken the recipient's ability to distinguish real messages from fraud. Secure customer email must shift the burden from the recipient's eye to authentication...