Security BSides Las Vegas 2025

The Remote Grift: Cunning Meets Naivete, and the Victims Become the Criminals (Token 03)
2025-08-04, Misora

For DFIR professionals, the remote grift is no mystery. It’s a hybrid crime, blending an old-fashioned con with technical tools. The grifter is cunning. The victim is trusting – a classic “mark.” The grifter manipulates the mark, who unknowingly commits a crime. The only fingerprints at the scene belong to the mark.

We’ll explore several real-life incident responses where the victim ended up in handcuffs. We’ll reveal details that don’t make the headlines.

It’s a grave injustice, and today’s security awareness training is partly to blame. Yes, the training has done its job (awareness is raised). But it’s mostly stuck on yesterday’s “high-tech crimes.” It’s become an exercise in checkbox security, prioritizing “don’t click” over gut instinct and human psychology.

Basic tech-focused training should not be abandoned, but employees clearly dread current versions. Many view it as a waste of time. New training materials must recapture their attention, hitting hard on the human element. To empower the user against deception, training should engage both the brain and the gut. We’ll discuss a formula to “humanize” security training, making it both more compelling and effective.



Ira Victor has a quarter century of experience in information security and incident response. Ira co-developed technologies that utilize metadata in unique ways to analyze electronically stored information. Those technologies were granted multiple US patents. As a private-sector incident responder, Ira located evidence that led to a take-down and successful prosecution of an attacker who jeopardized critical infrastructure. Ira helped craft state statutes in information governance that have become model legislation across the United States. Ira has advised state legislators, election officials, and a state Attorney General on information governance and data security. Ira is a founding Ambassador for the Center for Internet Security (CIS) Controls, the global de facto standard in information governance and data security. Ira is one of the contributors to A Guide for Defining Reasonable Security (published 2024 by CIS). Ira is a member of the board of directors, and an instructor, for the Computers of Kids Club. The Club has taught over 15,000 low-income students and their parents about security, privacy and open-source software.