Frauds, scams, swindles and cons involve taking advantage of victims through the use of deception, which is itself a form of social engineering. As such, fraud definitely qualifies as an information security concern, making it a valid topic for the security awareness program. What’s more, fraud is an inherently fascinating subject. The deviously creative nature of fraudsters means they find surprising ways to dupe and manipulate people, processes and systems, undermining or bypassing controls that superficially appear sound.
Fraudsters may exist within or without the organization, sometimes both. Procurement frauds, for instance, often involve dishonest or coerced employees acting in collusion with external suppliers to misappropriate the organization’s funds. Collusion between individuals is a particularly challenging concern in relation to fraud since it negates a very important form of control – the division of responsibilities between individuals.
The breakdown of trust is another problem with fraud, a serious consequence given that commerce and society revolve around trust. I'm deep into Bruce Schneier's latest book Liars and Outliers at the moment, and intrigued by the concept that fraudsters, hackers and other adversaries are 'defectors' who choose to ignore the explicit and implicit rules of society. I'm sure I'll be drawing on that thought in future awareness modules and bloggery.
Anyway, please check out the fraud awareness module and get in touch to subscribe to NoticeBored. Provided you have the time, inclination, skills and expertise, there's nothing to stop you writing your own suite of creative and motivational awareness materials on interesting security topics such as fraud every month ... but how much will it cost you to do that? And wouldn't you rather spend your valuable time interacting with your awareness audiences, not to mention "having a life"?