When we can’t patch a vulnerability, we have three options. The first is to redesign the system so that the hack is too difficult, too expensive, less profitable, or generally less damaging. This also works when outlawing a hack isn’t enough, and we want to make it harder as well. The second is foreknowledge. If I can teach you about business email compromise and how it works, you will become better able to recognize when you are being targeted by it, and—hopefully—less likely to fall for it. This is how we defend against email and phone scams that slip through automated filters. This is how
...more
