Fraud Training: Interrogate the Enemy
During your fraud training exercises, fostering an attitude of curiosity (or in the corporate world, a culture of curiosity) is the most powerful critical thinking skill in your arsenal of tools to protect sensitive information. Employees who can think critically and ask the right questions regarding data privacy make up the fabric that supports a Culture of Privacy. Interrogation is the art of questioning someone thoroughly and assertively to verify intentions, identities and facts.
Questions: Who’s in Control? Can I Verify? What are my Options? What are the Benefits?
When spies need information, they ask for it. They “socially engineer” or con their victims with a variety of tools.
The primary tool for evaluating risk once your reflexes have been triggered (Hogwash) is to interrogate the person or institution asking for your information. Interrogation is not meant to be about forceful or physical questioning. I define interrogation as clear, aggressive questioning used to establish whom you can trust, how far you can trust them, and with what information.
Sticking with the language of espionage, an Enemy is anyone or anything (including a computer, fax machine, email, letter, etc.) requesting your information, information about someone you know, or information about your organization. The term is not meant to make you confrontational or warlike – that is taking the metaphor too far. Once you have established a trusted relationship, you are no longer in enemy territory.
The 4 Phases of Interrogation: ConJOB
There are four phases of interrogation (and four corresponding questions) that effectively begin to expose most forms of fraud:
- Control (Who is in Control of this interaction?)
- Justify (Can the person requesting information Justify their legitimacy?)
- Options (What Options do I have other than sharing the data?)
- Benefits (What are the Benefits of the particular choice I’m making?)
As you have probably already noticed, the first letters of Control, Justify, Options and Benefits form the word ConJOB. The acronym serves two purposes: it should be easy to remember, and it serves as a reminder of how to expose a con job by using aggressive questioning!
John Sileo conducts fraud training and social engineering workshops for a variety of organizations, including the Department of Defense, the FDIC, Pfizer and the Federal Reserve Bank. To learn more about bringing John in to train and entertain your company, contact him directly on 1.800.258.8076.