How to Create Good Business Continuity/Disaster Recovery Plans

We generally have no idea when a disaster is coming, and even if we do have a heads up, it’s very possible that things are going to go wrong.

This is where a business continuity plan comes into play for you. What does it do? It is a plan that helps your company get through a disaster. Disaster could mean a natural disaster, as in mother nature makes a mess of things; it could also mean fire or flood; and it could mean a significant security incident that takes down all systems.

What Does Business Continuity Mean?  

Business continuity, commonly shortened to BC, typically refers to a plan that helps your business function as soon as possible following a disaster. Again, this could be a flood, a fire, or a cyber-attack, amongst other things. With this type of plan in place, you can look to it for specifics when these things occur.

Some people believe that a DR plan, or a disaster recovery plan, is exactly like a business continuity plan, but that’s not true. A disaster recovery plan specifically focuses on IT, and it is actually a part of a full business continuity plan.

Consider your own company. Do you have a plan that would allow you to get your sales up and running? Do you have customer service ready to go if you had a flood? Could you keep handling customer requests if you lost your company to a fire? All of this is part of a BC plan.

Why Your BC Plan is Important  

It doesn’t matter if your business is small or large, you have to remain competitive in the market. It is important that you keep your current customers engaged while also bringing in new ones.

Ensuring that your IT capabilities are up and running is extremely important, and there are many solutions available. You can rely on your IT team for this, but what about the rest of your business functions? The future of your business greatly depends on how quickly you can get back to normal, and if you don’t, you could see your customers leaving in droves.

Your business might also experience losses including financial losses, legal losses, and of course, the loss of your company’s reputation.

The Important Parts of a BC Plan 

If your company doesn’t have a BC plan, you should start by taking a close look at all of your business processes. Look for areas of vulnerability and try to determine what your losses might be if you lose functions in those areas for a day, a few days, a week, or more.

Next, you should start creating a course of action. Here are six steps that you should take:

1.   Identify what you want to do with the BC plan

2.   Choose areas that you want to focus on

3.   Determine the most critical functions

4.   Look for areas and functions that are dependent on others

5.   Calculate how much downtime is acceptable for any functions that are critical

6.   Create a plan to keep your business open and working as much as possible

One of the best tools that you can have when creating a BC plan is a checklist that includes your supplies and equipment, the location of backups, who should have access to the plan, and a list of contact information for important people, emergency contacts, and backup providers.

Keep in mind that a DR plan is only a part of a full BC plan, so if you don’t have a DR plan in place, this is a great time to make one. Resources that may assist with a DR plan include your in-house IT people, a Virtual CISO, or a Managed Service Provider (MSP). If you do have a DR plan, don’t just assume that it will work with your new BC plan. You must make sure they both fit together.

As you begin to create this plan, consider meeting with others who have gone through a disaster and used a BC plan. They can give you a lot of information and share what worked and what didn’t.

Test Out Your BC Plan 

It is imperative that you ensure your plan works before disaster hits, and the only way to do this is to give it a try. The best thing, of course, is a real disaster, but you can also create a “fake disaster” in order to test it out.

You need to make sure that your BC plan is complete, and that it meets your needs in case there is a disaster. You don’t want to take an easy way out, though. Any test should fully challenge your plan, too. Additionally, you must make sure that everything is measured. If you just try to skate by, your plan will be weak, and you could run into issues if a disaster strikes.

It is recommended that you plan on testing your BC plan a couple of times a year, especially if there are potential changes to the plan, like new equipment or staff. Doing things such as simulations or walk-throughs can help your team practice and make sure they are ready in case a disaster hits.

Review and Improve Your BC Plan…Always  

The effort you put into testing your business continuity plan cannot be stressed enough. Once this is done, some organizations let it go and focus on other things, but this can quickly lead you to trouble.

Things are changing all the time with both technology and personnel, so it is important that your plan is always up to date to reflect that. This means that it is a good idea to review your plan with your staff at least once a year and point out areas that might need to be updated. Additionally, you may want to get staff feedback, which you can ultimately add to the plan.

Ensuring Your BC Plan Will Work 

By taking a casual approach towards creating this plan, the odds are good that it will fail. Every business continuity plan has to have the support of all staff, including senior management, who must take on a very active role in supporting the plan.  On top of this, a plan like this has higher odds of success when management makes it a priority.

Finally, it is extremely important that senior members of staff promote user awareness of this type of plan. After all, if your team doesn’t know about it, and at least a few details about it, how are they supposed to act on it when a disaster strikes? Training and distributing the plan is important, too, so think about working with your human resources team to make sure that all of your staff is aware of the plan and what is in it. This way, your staff knows that it is important, and they can see it as an important part of your business.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Use Caution When Closing on Your New Home

It’s Realtor Safety Month. Real estate agents and their clients are targeted by violent criminals and cyber thieves. Statistically, tens of thousands of real estate agents are subjected to violence annually. In wire fraud, where a homebuyer’s or real estate agent’s email is hacked, victims lose millions in various mortgage fraud closing scams. Studies show that, on average, Americans buy 3 to 5 homes in their lifetime. Chances are, you’re going to be engaged in some form of a real estate transaction in the next 5-10 years. There are a few things to know.

Think about this for a minute: You have been working hard and stocking money away, and you have finally found your dream home. The loan goes through, you wire the money to the bank or title company, and you think all is well. You go to sign the final paperwork and your heart falls out of your chest…they tell you that they never received the money, but you sent it. What happened? You were the victim of a real estate scam.

Real estate scams are more common than you probably think, and they often involve phishing. The scammers can take over the email address of the Realtor, the buyer, the title company, etc, and it is happening much more than ever before. In fact, it’s so common that buyers are losing millions of dollars each year.

When a hacker takes control of the email address of a real estate agent or a title company, they can then send very official-looking emails to people asking them to wire money for their new home to a specific bank account. However, what these buyers don’t realize is that the money goes to a different bank account…one that belongs to the hacker. By the time the scam is discovered, the money is long gone.

Sadly, this scam is getting more and more common, and it has happened to thousands of people trying to buy homes. One of the issues is that the real estate industry, as a whole, doesn’t really pay as much attention to security as it should. Though there are things like encryption, the real estate industry, including real estate agents, uses a lot of free accounts and unprotected methods of communication. On top of this, Realtors and title agents are always on the move, so they use a lot of public Wi-Fi to access their accounts. This is essentially like inviting the hackers in.

Stopping Scams During Real Estate Closings

If you are looking to buy a house, you definitely should make sure that you are taking the right steps to prevent scams like these. Here are some things that you should do:

  • Don’t use email as the only way to set up your financial transactions. Use the phone, make a call, and confirm all of the transactions that are occurring.
  • You should have everything in writing, and then double-check all of this. Make sure you are using some type of system such as meeting the Realtor or title company in person or via video chat.
  • If you get directions to wire money, contact the company first to make sure that it’s legitimate. Don’t email them and ask them to call, however. Why? Because you could simply be emailing the hacker.
  • Also, make sure you confirm via phone with the title company, bank, and real estate agent about any money transfer.
  • Verify all transfers as soon as you can. If you believe you have sent money to a scammer, immediately call the bank. They may be able to freeze the money.
  • Ask the people you are working with about their email. Is it secure? How do they know? Do they use encryption and two-factor authentication? Are they using strong passwords?
  • You can also ask if they have a “forwarding email” set in their settings. Even if they say no, make sure they check. Many people who are victims of this don’t even realize that their emails are being forwarded to hackers.
  • Do they know if people are logging into their email from other locations?
  • Ask them to enter their email address at the Protect Now FREE Email Checker to see if their email has been compromised in a data breach. You can also check their email address right on the site. Then, if you find the email address is vulnerable, you can tell them, and they can take the appropriate steps.

Remember, you should never assume that anyone, including yourself, is totally secure during any type of real estate transaction. Don’t overlook the possibility that the Realtor has someone in their home, such as their child, who uses the same computer for gaming, leaving it filled with spyware.

Buying a home is typically the biggest financial transaction that people ever do, and if you fall victim to a scam like this, you can easily be ruined, financially. Be aware, cover your bases, and be annoying if you must; you should always insist on a secure transaction when buying a home.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Cybercrime and ALMOST EVERYTHING You Need To Protect Yourself

One of the most lucrative illegal business ventures out there is cybercrime, and there are no signs that it is slowing down anytime soon. Over the past 10 years, the “bad guys” have created new and highly sophisticated methods of capitalizing on users of the internet, and the odds are that they will simply not be caught. At the same time, consumers are facing more risk than ever before.

Why is Cybercrime so Dangerous and Can You Be Safer?  

If you are a service professional like me who “puts it out there” I’m sorry to inform you that we are at high risk of becoming a victim of cybercrime. Most of us have gotten phishing emails from people asking for something; many of us have websites that contain a lot of personal info and it is very easy to find our social media pages. Not only is this enough to scam us, it is also enough to scam our clients. You can also add the dangers that traveling puts us into thanks to risky public Wi-Fi. Fortunately, there are some things that you can do to keep yourself safer.

Social Media Risks 

Anyone who uses social media is at risk of becoming a victim of a criminal hacker. It’s pretty dangerous, but I have some good advice. I do training and conferences all of the time, and one of the things I recently told a group of our US Army soldiers is this; “Do not post anything online that you would not tell the enemy.”

It’s that simple.

After all, you never know who is paying attention. Do you remember the “Bling Ring?” This was when those teenagers broke into the homes of celebrities like Orlando Bloom and Paris Hilton a number of times. They stole jewelry, clothes, watches, and more…and the teens knew about it because these celebs were posting the items on social media accounts.

Protecting Yourself from Spyware and Viruses  

Here are some tips that you can use to protect yourself from spyware and viruses:

  • Consider using safe-search web browsing software, which is often found in full versions of antivirus software. This helps to alert you to potentially malicious sites by showing a red, yellow, or green dot next to the links on the search engine. Green dots are safe, yellow dots show you should use caution, and red dots…those have some sketchy reports, so be careful.
  • Don’t download any file that doesn’t come from a safe site, and never download a torrent file or software crack. These almost always have spyware.
  • Don’t click on any pop-up window that you are not expecting. Instead, close the window or get out of your browser.
  • Make sure that you are updating your OS’s security patches and always have the latest version of your web browser installed.

Understanding Social Engineering 

Have you heard of social engineering? It is the act of manipulating others into doing certain actions or giving information. Generally, it applies to some type of deception for the purpose of collecting information to commit fraud or gain access to a computer. In most situations, the cybercriminal will never meet or come in contact with their victims, so you must always use caution.

Some Things are Safe, But Some are Not 

It is quite important that you recognize that most people aren’t out to get you; but guess what? Some of them are. This means that you have to realize that some emails you get are not safe, some people who call you are not who they say they are, not everyone who walks into your work is honest, and not everyone who knocks on your door has the best of intentions. Social engineering is a con between people, but technology can help to keep you safer.

Have You Heard of ATM Skimming?  

The danger isn’t always online. It can also happen as you are out and about during your day. You probably use your debit or credit card a lot, and the cybercriminals are out there waiting to collect your information through ATM skimming. They do this by placing a device over an ATM card slot. It easily blends in, and when you swipe your card, the criminals can collect information on your card. They even install cameras to record you putting in your PIN.

Protecting Yourself from ATM Skimming

You can protect yourself from the ATM skimming scam by doing the following:

  • Pay attention to credit card and bank statements
  • Report unauthorized transactions as soon as possible
  • If you can, use your credit card over your debit card. Generally, a credit card offers more protection against fraud than a debit card. Plus, it’s better to get fraudulent credit card charges than a totally empty bank account
  • Cover your hand when you are entering your PIN into any keypad

Caller ID Spoofing; What You Need to Know 

Another cybercrime you need to know about is caller ID spoofing. These days, odds are higher than ever that the person on the other end of a ringing phone is a scammer. Criminals can use a method called “spoofing” to hide their information. Basically, they hide the phone number that they are calling from, and instead create a new one. Oftentimes, they will create a number that has the same area code as the person they are calling, as people are more likely to answer local numbers.

Protecting Yourself from Caller ID Spoofing 

You should never assume that the number popping up on your caller ID is legit, and you should never ever give any personal information over the phone, even if the caller ID looks real. If a person on the other end of the line says that you have won something, or creates a sense of urgency, tell them that you are going to call them back. Then, look up the number of the company or person and call that number back.

Protecting Yourself When Shopping/Banking Online

It doesn’t matter if you are shopping, banking, or answering emails online. Protecting yourself is important. Here are some things you can do:

  • Be suspicious of any email that contains an offer of some kind, especially one that is too good to be true. The same should be said for getting offers via social media.
  • Beware of possible phishing scams. Do not click on email links; always type in website addresses into the browser or use a bookmark.
  • Are you aware of typo-squatting? Pay attention to how website addresses are spelled. They might look remarkably like a real website but are a letter off, e.g. GOOGLE.com vs G00GLE.com.
  • Only engage in business with companies or people who you know and trust. It is best to buy big-ticket items from brick-and-mortar stores, too.
  • Ensure your computer is secure. You should always keep your operating system updated with security patches, virus definitions, and antivirus software. Do not use a public Wi-Fi connection when doing online shopping.
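
The “one letter off” check from the typo-squatting tip above, automated as an added Python example (not part of the original article): it compares a domain against a short list of sites you trust and flags near matches such as G00GLE.com. The trusted list, the look-alike character table and the function names are assumptions made for this illustration.

```python
"""Flag domains that are a near miss of a site you trust (typo-squatting check)."""

# Constructed allowlist for the example; replace with the sites you actually use.
TRUSTED = ("google.com", "amazon.com", "ebay.com")

# Characters often swapped in for look-alike letters (illustrative, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s"}
MULTI_CONFUSABLES = (("rn", "m"), ("vv", "w"))


def normalize(domain):
    """Lower-case the name and drop a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def skeleton(domain):
    """Collapse look-alike characters so 'g00gle.com' and 'google.com' compare equal."""
    out = "".join(CONFUSABLES.get(ch, ch) for ch in domain)
    for fake, real in MULTI_CONFUSABLES:
        out = out.replace(fake, real)
    return out


def edit_distance(a, b):
    """Edit distance where one insert, delete, substitute or adjacent swap costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. 'gogole' vs 'google'.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def check(domain, trusted=TRUSTED, max_distance=1):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    d = normalize(domain)
    # Exact match or a real subdomain of a trusted site.
    for good in trusted:
        if d == good or d.endswith("." + good):
            return ("trusted", good)
    # Same name once look-alike characters are collapsed (0 for o, rn for m, ...).
    for good in trusted:
        s, g = skeleton(d), skeleton(good)
        if s == g or s.endswith("." + g):
            return ("lookalike", good)
    # One typo away: an extra, missing, wrong or swapped letter.
    for good in trusted:
        if edit_distance(d, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample input.
    for name in ("GOOGLE.com", "G00GLE.com", "arnazon.com", "gogole.com", "example.org"):
        print(name, "->", check(name))
```

A verdict of “unknown” only means the name is not close to anything on the list; it is not a statement that the site is safe.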

Is Public Wi-Fi Safe?

Unfortunately, public Wi-Fi is not secure. There are a number of security risks that are associated with public Wi-Fi. These networks broadcast signals through radio frequencies, which means that anyone who has the right tools…and these tools are easy to find…can intercept the data that is sent through it.

To protect yourself when using public Wi-Fi, you should use virtual private network (VPN) software. I really like Hotspot Shield VPN, but a lot of people really like Nord VPN, too, and it’s pretty good.

When you go online, whether it’s at a hotel, airport, or even local coffee shop, don’t log into any account unless you are connected to a VPN.

Even if you have a VPN, keep the following in mind:

  • Be smart about what you are doing online when connected to a public Wi-Fi connection. Do you really need to check your 401k while drinking your cappuccino?
  • Don’t store any type of critical data on a device and then use it on a network that is not secure.
  • Turn off Bluetooth and Wi-Fi on your cell phone or laptop when you aren’t using them. A device that is still sending wireless signals is very appealing to a hacker.

Should I Have ID Theft Protection?

You might have seen ads for ID theft protection but assumed that your identity would never get compromised, so that would be an unnecessary expense. Unfortunately, that’s just not true. We all should have ID theft protection. These services monitor your credit report and protect you if your identity is stolen.

Keep in mind, though, that these services don’t protect against credit fraud or protect your bank accounts, but they are good to have.

What is a Credit Freeze?

If you don’t have a credit freeze on your account, you are putting yourself at risk even more. A credit freeze, sometimes called a security freeze, locks down a credit file so that a lender cannot check your credit. This is a good thing, as it means that criminals cannot open any new accounts using your name or your Social Security number…and if a lender can’t check your credit, they are very unlikely to extend a line of credit.

Keep in mind that you need to get a credit freeze from all of the credit bureaus including Experian, Innovis, TransUnion, and Equifax.

You can easily find out more about credit freezes for each company by searching on Google. While you are at it, you can freeze the credit of your kids, too. Make sure you keep records and learn how to “thaw” your credit when it’s time.

Keeping Your Passwords Safe and Protected

The most important thing that you need to know about passwords is that there is no such thing as a totally secure password. Some passwords are more secure than others, of course, but they can always be found out. Passwords are extremely convenient for people who want to access your accounts.

Is a Password Manager a Good Idea?

You might have heard of password managers, and if you have more than one online account…which you probably do…you should consider using one. You should have a unique password for every account, and it can be difficult for you to remember them. So, it is very tempting to use the same password for every account. But, if a hacker gets this password, they have access to all of your accounts. Instead, use a password manager to make your life easier.

  • When you use a password manager, you create a password that is secure and safe, and all of your passwords are protected by a hard to guess master password.
  • This master password allows you to access any site you have an account on through your password manager.
  • When you update a password on a website, the password manager will remember it and update it on all of the computers or devices you have the software on.

When you begin using a password manager, it is very likely that you will notice that you don’t have to worry about your online accounts. You will also notice the following:

  • When you visit a website for the first time, you won’t need to put your password in. Instead, you open your password manager and enter your master password.
  • The password manager you use fills in your username and password, which then allows you to log into the site.

Set Up Two Factor Authentication on All Accounts

Any account that you have that has any importance should have two-factor, or two-step, authentication. This is a further step you can take to protect your passwords. Remember, once a hacker has access to your password, that’s all they require to get into your account.

When you use two-factor authentication, the first thing you have to do is enter your password. However, there is an additional step here, too, which is why it is also called two-step authentication. Basically, the site you are trying to log into will send a code to your phone or email, whichever you choose. This is a unique, one-time code that you can use to log in. Essentially, you are using two passwords, your original password and the code, to log into your accounts. This code changes each time you log in, so a hacker would have to have access to both your password AND your phone and/or email address, in order to get into your account.

  • Almost every major company and corporation website that you use has some type of two-factor, or two-step, authentication.
  • To find out if the accounts that you have offer two-factor logins, simply search for the term “two step verification” and the name of the company, e.g. eBay, Gmail, Amazon, etc.

Protecting Your Credit Cards

Many of us use credit cards in our daily lives, and there are a number of things you can do to protect yourself from credit card fraud.

  • Take a close look at your credit card accounts on a regular basis. Check on your purchases every month, and then look to see if there are any odd or unfamiliar charges on them. Don’t only look for big charges, either. A small charge could still be a scam, and sometimes the hackers make a small purchase to make sure it goes through before buying something big. If you can, check your accounts a couple of times a week.
  • Set up “push” alerts on your credit card accounts. These alerts might come via email or text, and you can set them up for different activities. For instance, you can get a text any time you make a purchase over $100 or get an email when there is an online credit card transaction.
  • Don’t save your credit card information online. Some websites allow you to store your credit card information if you make regular purchases, but it is much more secure to manually enter the number every time you shop.

This is all good advice, and you shouldn’t get overly worried about it, but be smart about it and take this advice to heart.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

The Tricks Behind the Clicks: Cyber Scams and Psychology

What is it that makes people fall for scams? Cybercrime is as hot as ever, with new and more creative scams popping up all the time. There is plenty of focus on spotting scams, but less so on what makes people miss the signs.

Martina Dove, Ph.D., is a senior UX researcher at Tripwire and an expert in fraud psychology. Her research into the brain’s reaction to cyber scams and how the human mind operates when presented with a scam makes for an interesting read. On top of this, it also takes a look at fraud, and how susceptible we are to it, and it does this by using Dove’s own model.

Cybercrime from a Psychological Standpoint 

Discussions around cyber security often center on the technical aspects of security and data protection for businesses and people’s personal lives. New gadgets, devices, controls, and defenses are constantly circulating, which helps the fight to fortify our information and secure the confusing and tricky online environment.

Trust is a fundamental human trait. Humans trust by default. Scammers capitalize on this knowing that people look at life and scams and trust first, and scrutinize later. The hard part is how we can best keep ourselves, and our minds, safe against scams and where the holes might lie. The fundamental psychology behind the cybercrime mentality is underexplored, and so far, discussions often go no further than scratching the surface.

This is surprising, considering that it has such a huge impact on what motivates people on either side of a scam. According to the latest Verizon Data Breach Investigations Report (DBIR), social engineering is the most common type of attack in regard to cybercrimes.

The psychological elements of how phishing emails are presented, the power of persuasion, and what makes people fall for scams are all important to really understand how things work and ultimately how to avoid becoming a victim.

Martina Dove’s Research into Fraud Psychology and Scams 

Few people have provided quite as much insight into this topic as Dove. Having specialized in fraud psychology, Dove became particularly interested in the concept of gullibility when pursuing her master’s degree and ultimately decided to carry it through into her Ph.D.

In an interview with Tim Erlin of Tripwire, Dove said that she had always been interested in the idea of gullibility: what makes a person gullible and what it really means to be a gullible person. After reading an article published by two psychology researchers who were exploring the tricks and techniques used by scammers (particularly in phishing emails), Dove decided to drive her own studies down a similar route, diving deeper into the human psyche and scam vulnerability.

The main point of this research is a fraud susceptibility model that looks at the ins and outs of what puts a person at risk on a psychological level of falling victim to spam, scams, and phishing.

According to Dove, it was not her intention to create a model when she first started; the research naturally took her in that direction as she uncovered more fascinating theories about persuasive techniques, thought processing, and personalities that may influence how people react to these attacks.

Martina Dove’s Ph.D. research has also been turned into a book called The Psychology of Fraud, Persuasion, and Scam Techniques, which is available on Amazon.

The Fraud Susceptibility Model 

The research that ultimately led to the model in Dove’s book started as a questionnaire designed to build a “measurable scale of fraud vulnerability.” It was scorable, with the answers determining what areas of a person’s personality put them at risk.

After a series of tests and experimental studies, along with expert analysis and validation, the model just created itself. Dove explained that some factors that influence susceptibility could actually be mapped and used to predict a person’s natural reaction when faced with a fraudulent situation. The fraud psychology expert also went on to describe how the model is used to determine compliance and the reasons behind it, as well as how people strategize after they realize they have been victimized.

It looks into the characteristics that leave a person most susceptible at each stage of a scam.

1.   Precursors

How do personal circumstances (emotional, social, financial, etc.) influence how we react to fraud? Does our demographic play a role? Our family situations? Essentially, how great an impact do our social surroundings and everything that comes with them have on our ability to identify and avoid scams?

2.   Engagement with scammers

Once a person is on the hook, what techniques does the scammer use, and how do personal character traits change how we respond? What types of persuasion work best on different personalities, and how do scammers identify and exploit these vulnerabilities?

3.   Dealing with victimization

Dove’s model explores the conscious versus unconscious decision-making processes that occur when people deal with phishing emails and other fraudulent communications, and after they realize they have been fooled. How do people accept what happened, and how does it impact their behaviors?

Throughout her research, Dove shares examples of circumstances and characteristics that can make people more or less susceptible.

  • Group mentality: Someone who is highly concerned with being part of a group and uncomfortable going against the status quo may ignore signals of uncertainty and doubt if others disagree.
  • Compliance: Naturally compliant individuals are hardwired to follow instructions. Scams prey on this, hoping that the ‘no questions asked’ mentality is enough to make a person adhere to requests.
  • Impulse: Impulsive people are less likely to take time to assess a situation and take the necessary steps to confirm a source or authenticity. Those who tend to favor fast decision-making over meticulous processes are more likely to become fraud victims.
  • Belief in justice: It may sound strange, but people who believe criminals will get caught and that bad things don’t happen to good people are vulnerable. Because they don’t see these things as pressing threats, they may overlook obvious signs. The naivety that says, “this won’t happen to me; I am a good person,” is potentially dangerous.
  • Background knowledge and self-evaluation: How much a person knows, or thinks they know, about cyber security can be a hindrance. People assume that their understanding of how scams work and what to look out for will protect them from becoming victims. This is, to a point, true, but it can also make people complacent. Being an expert in a field doesn’t disqualify a person from falling victim to targeted fraudulent communication.
  • Reliance on authority and social confirmation: If someone is particularly concerned with what others think, they may be at more risk. Authority-driven individuals may make decisions based on the belief it is a request from a superior, and socially-driven people may go along with something because of influence from friends or family.
  • A general predisposition to scams: According to a study published via ScienceDirect, some people are just prone to fraud because of their engagement levels. Everything about them may suggest otherwise, but they have something in them that makes them more likely to go along with a scam.

Examples of Scams and Victim Profiles 

Here are two examples of scams and the types of psychological profiles they are likely to target. 

  • Business Email Compromise Scam: The basis of this type of scam is a boss or member of management emailing an employee asking for urgent funds. It preys on qualities such as compliance, obedience, respect for authority, and hierarchical values. People who have a strong belief in the pecking order are less likely to question a demand made by a superior and are therefore more likely to comply without hesitation.
  • Sexploitation Scams: These scams use fear as the driving force to get people to comply with demands. A scammer working in this field uses language to evoke a person’s most primal drives, hoping their influence takes over the more practical aspects of human thinking. Anyone can struggle to make intelligent decisions when they are especially scared or excited, but someone prone to fast emotions is more likely to be a prime target.

It is interesting to see how different these two examples are, which shows how much a person’s emotional makeup and core values can impact their likelihood of becoming a victim of fraud.

The Challenges Facing Scam Awareness 

As Tim Erlin rightly pointed out during his interview with Martina Dove, a significant challenge that stalls progress against cyber criminals is the underlying sense of shame and embarrassment many scam victims feel. He stated that people don’t want to admit they fell for it and may not even report that it ever happened. This, sadly, is true and only adds to the stigma of fraud victimization, making it harder to build a substantial defense against these crimes.

Furthermore, there is a dangerous habit out there of immediately labeling scam victims as stupid, making them feel guilty for being the target of what is, at the end of the day, a crime. Fraud is as real as robbery, yet the victims are treated very differently.

Increasing the awareness and understanding of why these things happen and changing the narrative of how victims are perceived could help bring a more accepting mainstream view.

How Can Martina Dove’s Research Help with Fraud Awareness Training? 

Modern businesses are acutely aware of the very real risk of cyber scams and take steps to protect and educate their staff, but is there enough focus on vulnerability rather than vigilance? The idea that anyone can fall for a scam needs to be more publicized, and people need to be made aware of what exactly it is about a person’s personality and psychology that makes them vulnerable.

As cyber security professionals can confirm, the human aspect is and always has been the weak link in the defense chain because people can make mistakes, and the brain is open to mind games. If scammers are getting better at playing on the mind, then security experts need to get better at educating people on how this exploitation works.

Using Dove’s research to make anti-fraud training more human-focused and interactive could be the difference between a person falling victim and feeling ashamed, and a person being aware of the emotions used against them and able to stop an attack in its tracks.

Practical Advice for People at Risk

As part of Dove’s research, she compiled a checklist of actions to take towards proactively identifying potential scams and avoiding being drawn into the deception. Here is a brief summary of the key points for consideration.

  • Question how it makes you feel: Scams play on emotion and aim to evoke a strong reaction, so how you feel when you read something could be an instant warning sign.
  • Look for further language clues: Is there any wording that seems overly strong or makes you feel bad in a way that seems unnatural?
  • Beware of links: A quick and convenient ‘click here to solve your problems’ may not be what it seems. Only access trusted links and log into any secure accounts via the official portals and never through an email.
  • Make space for rationality amongst emotion: Understand that what you feel in the moment could have been engineered through clever psychological tricks and attacks. Take a step back, wait to make a decision, and ask for opinions from family and friends if you are not sure about how to proceed.
  • Scrutinize the details: Look into correspondence for any sign of falsification or something that just doesn’t feel right. Emotional people may be quick to act, but they can also have strong senses of instinct.
  • Don’t rush to action, no matter the request: Sometimes, a pause is all it takes. Stopping and thinking is never bad practice in any walk of life or decision to be made.  

Final Thoughts 

Not everyone was created equal when it comes to emotions and how they drive our thoughts. Moderating how emotions impact decisions and how gullible they make us is not easy, and greater awareness is needed.

The ties drawn between psychology and cybercrime are truly fascinating and open up an interesting and long overdue conversation about the correlations.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.