8:00 am
Businesses often make fraud training boring! And that’s bad for their bottom line, because no one ends up remembering anything about the subject.
Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s happening. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.
This social engineering video was recorded at a fraud training I did recently for the Department of Defense, and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:
10:23 am
You’ve probably seen in the news that a hacker gained access to Sarah Palin’s Yahoo.com email account. The hacker used a simple scheme and basic social engineering tools (research on Google and Wikipedia, common-sense guessing) to reset the password on the account and assume ownership of her email. [For a full account of how a professor, Herbert H. Thompson, used these tools to steal a friend’s identity (with their permission), visit his recent and extremely interesting article, How I Stole Someone's Identity, and the companion radio interview.]
In addition to denying Governor Palin access to her own account, the hacker had full control to:
- Read every saved and current email in her account (hopefully she never sent her Social Security Number, passwords or account numbers via email, not to mention correspondence pertaining to her role as candidate for Vice President of the U.S.)
- Steal the email addresses and any other sensitive information stored in her contacts (John McCain might want to change his email address)
- Send out emails as if the hacker were Sarah Palin, or worse yet, send out official emails as Alaskan Governor, Sarah Palin
The potential for abuse is mind-boggling. Sarah Palin should take immediate steps to protect her stolen identity and to secure her future privacy. Here is a sampling of the steps I would recommend:
11:45 am

Are you an expert at something?
In the world of professional speaking, you are expected to be an expert in your topic (to be taken seriously and to make a living). So speakers begin calling themselves experts, sometimes before they deserve the title. It’s like giving yourself a nickname – it feels a bit self-congratulatory.
I’m no exception.