The image below shows the role confirmatory bias can play in social engineering exploits. Two situations are depicted. In the first, the insider desires access to information supplied by the outsider’s created (deceptive) scenario, as depicted in the R2 (orange) feedback loop. The second is where the insider desires to be helpful to the malicious outsider in need as depicted in the R3 (green) feedback loop. Both loops portray the reinforcing of trust in the outsider’s authenticity and the subsequent desire to access information or to be helpful.

“Unintentional Insider Threats: Social Engineering - US CERT CMU/SEI-2013-TN-024”

Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

Based in San Francisco Bay Area, SecureSQL is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

May 7 Social Engineering Confirmation Bias workflow

Jun 13 Stealing money from the Internet's ATMs or paying for a bottle of Macallan

Jun 27 Wildcards gone wild!

Based in San Francisco Bay Area, SecureSQL is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.