Hacking Humans

Social Engineering works because we're human.
A flood of misinformation and fake news.
Gaming pro athletes online.
Playing on kindness.
Separating fools from money.
Phone scams, phantom employees and sitting Ducks.
Presidential prank, pensioner pilfered.
Think like an attacker.
Nothing up my sleeve.
Luring unsuspecting money mules.
Focus, technology, and training fight phishing.
Sometimes less is more.
Telling the truth in a dishonest way.
Red teaming starts with research.
Real estate transactions in the crosshairs.
Influence versus manipulation.
Stringing along a scammer.
Kidnappers, robots and deep fakes.
Easier to trick than to hack.
Information is the life blood of social engineering.
Waste my time and I'll waste yours back.
Fear, flattery, greed and timing.
Scams are fraud and fraud is crime.
Human sources are essential.
CEOs can be the weakest link.
Be very aware of your desire to be right.
Bringing trust to a trustless world.
A pesky problem that doesn't go away.
Truth emerges from the clash of ideas.
At some point you're probably going to have to do some running.
Trained humans are your strongest link.
Prisoners have nothing but time.
Opening your eyes to the reality in which we live.
The excitement of tricking someone wears off quickly.
Make it seem like the real answer is impossible to know.
The trauma is multifactored.
Stop and think before you click that link.
Delivering yourself to a kidnapper.
Don't assume younger people get it.
When we rush we make bad decisions.
Kids are a great target.
Pick a persona to match the goal.
Girl Scouts empowering cyber security leaders.
Scammers have no ethics whatsoever.
I have been practicing honesty and truthfulness my whole life.
Let's play, "Covered by cyber insurance — true or false?"
Twitter bots amplifying divisive messages.
A data-driven approach to trust.
Live at KB4CON 2019.
People aren't perfectly rational.
Be willing to admit you don't know everything.
The best way to break in is to walk through the front door.
Just because I trusted you yesterday doesn't mean I trust you today.
The knowledge / intention behavior gap.
Be wary of all emails.
Encore — Separating fools from money.
Know and spot the patterns.
The skills gap disconnect.
Looking after Dad.
Images are the language of the brain.
Positive pretexting on the rise.
Swamping search results for reputation management.
Backups backups backups.
Securing your SMS.
Think before you post.
An ethical hacker can be a teacher.
Algorithms controlling truth in our society.
The usefulness of single sign on.
The ultimate hacking tool.
Don't trust ransomware to tell you its real name.
The fallacy of futility.
The ability to fundamentally deceive someone.
Don't dismiss the fraudsters.
The Malware Mash!
When you are the target, objectivity is gone.
Skepticism is the first step.
Security has to be friendly.
I really wanted that shed.
If you didn't ask for it don't install it.
Managing access and insider threats.
Telling The Truth In A Dishonest Way - Rebroadcast
Leading by example and positive reinforcement.
Ransomware is a reality.
Life in the (second) age of pirates.
Flipping the script.
They had no idea.
I wouldn't want my computer to be disappointed.
Fake news and misplaced trust.
Hi, I'm trying to steal your money.
The art of cheating.
Don't go looking for morality here.
Winking emoji.
Disinformation vs. misinformation.
Paging Dr. Dochterman.
Shedding light on the human element.
Even famous people get scammed.
They're getting smart, but we're getting smarter.
Wallet inspector.
Passwords are the easiest things to steal.
Exploiting our distractions. 
Every day you're a firefighter.
How scammers fill the gap.
HH Extra - Happy 100 shows!
Wearing a mask in the Oval Office.
Seniors and millennials more alike than people think.
Presenting: Ask more people to dance. - Career Notes
Taking a selfie with your ID.
It can happen to anybody.
Close in your pajamas.
Because they deserve the money!
Send me money so I know you are real.
A little dose of skepticism.
Never think of security as a destination.
Be the custodian of your own digital identity.
Ignore the actor, focus on the behavior.
NMAP (noun) [Word Notes]
Flying under the radar.
Zero-day (adjective) [Word Notes]
Many times it is less sophisticated than we think.
man trap (noun) [Word Notes]
Take a deep breath.
social engineering (noun) [Word Notes]
It's evolving rapidly and getting more furious by the minute.
penetration test (noun) [Word Notes]
The story is what gets people in.
cross-site scripting (noun) [Word Notes]
Your information is already on the Dark Web.
The Bombe (noun) [Word Notes]
It's human nature.
credential stealing (verb) [Word Notes]
Cookies make for some tasty phishing lure.
phishing (verb) [Word Notes]
Don't click any button...even the 'No' button.
darknet (noun) [Word Notes]
Use a Dance Dance Revolution floor lock for your data centers.
rogue access point (noun) [Word Notes]
What is true and important versus what is the spin.