Stop Doing Useless Security
Hacklore, exploding identity fraud, and why simple controls still win.
Welcome to the SecFraudOps Newsletter. Enjoy some links that Matt thought were interesting this week. If this is your first time reading, take a moment to subscribe as well!
“The greatest enemy of knowledge is not ignorance, it is the illusion of knowledge.” — Daniel J. Boorstin
Security and Fraud
Stop Spreading “Hacklore”: What Small Businesses Should Really Do to Stay Secure
There is no shortage of cybersecurity advice for small and medium-sized businesses. Much of it is practical and easy to understand, even without a technical background. But some long-standing recommendations have not kept pace with modern technology, and a few are simply wrong.
I love seeing the Hacklore message going further. Do the impactful things, and stay away from over-dramatized advice from the past. MFA, strong passphrases and auto-update are the biggest things you should be doing in your personal or small business life.
Fraud In America 2025: The Consumer Threat Landscape
This is the first of a two-part series examining fraud in America from complementary perspectives. Part 1 focuses on how criminals target consumers, examining the methods they use to compromise accounts, steal identities, and defraud individuals.
Identity Theft have over tripled in the last 5 years and this trend isn’t slowing down. Especially since there are little to no real consequences for companies losing our private information.
Fun [Learning] Zone
Passkeys are Your New Best Friend
In practice, this works as follows: When you sign in, the website sends a "challenge." Your device uses its private key to sign that challenge and sends the signature back. The website then uses your public key to verify the response from the device.
These are safer and easier to use the passwords and could replace your password use on many sites today! Try a passkey the next time you are asked. Its a great and secure way to login.
Resources
ChocolateCoat4N6 Cybersecurity Blog
Incident Response, Investigations & Ramblings… [awesome content for security nerds and those looking to be one.]
[See what hackers are using to pull of Ransomware] Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.
Career Links
A live, playful career hacking experience for the agentic economy. [Figure out your work priorities and plan a route for your future job in tech.]
Burnout Looks Different Across the Org Chart. Watch for These Signs
Early-career employees burn out from ambiguity and lack of control, managers from “responsibility without authority,” executives from value conflicts and moral strain, and founders from over-identifying with their mission.
Bonus Links
Women in Cybersecurity: Building the Future
Women are thriving and growing in cybersecurity careers, a reality that we should acknowledge and celebrate, says Sarba Roy, CISSP.
Apple says no one using Lockdown Mode has been hacked with spyware
Almost four years after launching a security feature called Lockdown Mode, Apple says it has yet to see a case where someone’s device was hacked with these additional security protections switched on.