Careers & People

4/10/2020
10:00 AM
Joshua Goldfarb
Commentary
10 Ways to Spot a Security Fraud

There is no shortage of people presenting themselves as security experts. Some of them truly are. The others...

The Latin phrase "caveat emptor" has become an English proverb, and for good reason. "Let the buyer beware" is an axiom that nearly all of us are familiar with. Most of us know the phrase in the context of retail purchases. We were taught, or have learned over time, to never take sellers at their word. We must always perform the appropriate research before making a purchase.

In security, unfortunately, we must practice a different type of caveat emptor. In recent years, security has become a hot field. And sadly, where there is budget and focus, there are also frauds and deceivers. There is no shortage of people presenting themselves as security experts. Some of them truly are. The rest of them, however, are keen to take advantage of security professionals who haven't yet learned to filter the real security experts from the fakes.

To help organizations avoid spending time, money, and resources on security frauds, I offer 10 ways to spot one:

  1. Big words: We all like to sound educated and well-read. There is rarely a point in obfuscating our speech with large, overly complex words that make it harder for others to follow what we're saying. But that is exactly what security fraudsters are after. Most of us are afraid of looking stupid, particularly around our peers. If we don't understand something, we may hesitate to ask for clarification. Frauds prey on this and purposely use large words to appear knowledgeable and to confuse us. A general rule of thumb: If you think you're hearing a long string of complex words that, assembled together, have no meaning, you're probably right. You're likely listening to someone actively looking to deceive you.

  2. Nothing in writing: Honest, hard-working security professionals have no problem emailing or otherwise putting agreements into writing. It's very common for a meeting to result in a follow-on email with minutes and action items. Security frauds can't risk having anything in writing because they can't actually deliver on their promises. If you find that someone repeatedly speaks or makes promises but never puts them in writing, it's a red flag.

  3. No actions: Most of us attend meetings now and again, but we likely spend most of our workdays doing our jobs. If you are working with someone who can never seem to get anything done or perform any tangible action, you might have fraud on your hands.

  4. Numerous lectures: If your job keeps you busy, you're like most security professionals I know. While we all need to take time to step back and see the bigger picture, we also need to balance that with meeting our deadlines and obligations. If you come across someone who always seems to be lecturing others on what they should be doing, how what they're doing is wrong, and/or how things would work in an ideal world, beware.

  5. Grand plans: Many security organizations have a vision. In addition to that, many members of the security team likely have quarterly, annual, and/or multiyear goals and priorities that they're working toward. It's good to dream, but if all you hear from a certain person are grand plans that are not grounded in reality or connected to the current work environment, they may be a fraud.

  6. Excessive name dropping: Many of us in security are fairly well connected. Over the years, we've worked with people, networked at conferences, and made a name for ourselves. But real professionals let their work speak for them, not the names of others in the field that they know. Someone who can't seem to describe the work they've done but is quite adept at name dropping is probably unlikely to actually know most of the people whose names they're dropping!

  7. Overly verbose LinkedIn profile or resume: A LinkedIn profile or resume is a great place to showcase your work experiences and your professional skill set. That being said, if someone's profile or resume reads like a short story or novel, it's time to move on.

  8. Amazing coincidences: There are coincidences in life and some of us have had the good fortune to be in the right place at the right time or the bad fortune to be in the wrong place at the wrong time. That being said, the number of times that most of us are involved in a historically notable event is fairly small. If you've come across someone who claims to have been involved in numerous notable events over time, they may be fibbing. Watch out.

  9. Too many stories: We've all met people who seem to have a story or anecdote for every topic of conversation. Some of these people, it seems, spend their days collecting stories and anecdotes, rather than working and building their skills and experience. These types of people aren't who you need for your security team.

  10. Loose lips: There is one particular Taoist quote that aptly describes the security profession: "Those who know do not speak. Those who speak do not know." If someone goes on and on about events that should be kept close, they're either a huge security risk or they weren't really there. Neither is good for the security organization. Stay away.

Josh (Twitter: @ananalytical) is currently Director of Product Management at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, ...