Chcon

The Exploitation of Others
2024-11-22, Ngaio Marsh Theatre

When it comes to cybersecurity, people sometimes forget that a solution or an account is only as secure as the individuals who are authorised to access it. By targeting the human element, an individual does not have to try to break through firewalls or defense mechanisms or access accounts. All they need to do is play to the person who takes the time to respond, eliciting a reaction strong enough to make that person think that what they are doing is for their benefit or required.

The best way to do that is by targeting one's emotions. Let's talk about some of the ways this can be successful using technology, focusing on Advance-Fee Fraud, Romance Scams, and Phishing Attacks.


My talk is based on the research I did for my final post grad research paper, titled "Hijacking Human Emotion: The Exploitation of Others Through Technological Scamming".

I feel passionate about this topic because people are so quick to blame individuals who have been scammed without even realising the effort and in-depth thought that can go into it nowadays. Scams have been around for a long time, and they are getting increasingly sophisticated, especially at a time when we are still developing into the technological sphere and people have a false sense of security online.

Some scammers are in the game for the long haul, and they will use technology, something that is deeply embedded in today's society, to their advantage.

The purpose of my presentation is to hopefully get across that you do not need to be a technological mastermind in order to scam someone out of something. My talk covers technological characteristics and expected or conditioned human responses that are taken advantage of in conjunction with one another in order to successfully scam another individual.

It is getting more and more relevant. Consider the story at the beginning of the year where a financial assistant handed over tens of millions of dollars thinking he was doing what his boss wanted. AI was used instead to manipulate his response and encourage him to do what he thought he was being told to do.

This is one of the few crimes, if not the only crime, where the malicious person is not actively stealing anything or breaking into anything to achieve their goal. The intended target is voluntarily providing the money or account information, albeit under false pretenses. There is no active 'taking'.

That is the point I want to get across.

I come from a background in criminology and, admittedly, cybersecurity never crossed my mind as a potential career path. It wasn't until my final year of post grad study that I delved into the world of scams and, thankfully, afterwards Helix Security took a chance on me as an Associate Security Consultant. Here I am two years later at Bastion Security, still passionate about the world of scams and how technology can be used to manipulate and exploit others, and used for a purpose other than the one it was originally intended for.
In my spare time, I enjoy cooking, playing squash, and reading.