I remember when I started in the industry as a risk manager – over a decade ago, when people still used MySpace! – what floored me was not the long list of acronyms to learn or the complexity of online payment systems.
It was the sheer amount of fraud.
Of course I knew about hackers and scammers. But online commerce was still far from what it is today, and yet the fraudsters were already everywhere.
It was as if I had glanced at a whole new world – one which was hidden, with the majority of the population being blissfully unaware of it, up until the point that they themselves fall victim to it.
Working in this industry makes you see the world differently, much like how metro workers see the city differently from ordinary commuters.
There are of course hard skills that you can learn but at the end of the day, you’re under the hood of the global ecommerce machine. Complex systems stand between you and the real world, and your job is to try to understand that human story on the other side.
All the signs, data points and picked-up information are just pieces of a puzzle.
The hard part is that you still have to make sense of the picture once you put it together. And what we call stories in the real world are nothing more than patterns when shown on a screen. A given case will be judged according to what pattern it fits, in the head of the analyst.
Back in those days, you could only learn new patterns by shadowing more senior people or discovering them on your own.
These days, thankfully, there are many resources that you can use to build up your knowledge. While fraud and risk management has its own domain knowledge related to payments, regulation, and compliance, it’s adjacent to cybersecurity, which has a large and mature community.
The more technically inclined anti-fraud people frequently transfer to security. The fact that both careers have paranoia practically as a job requirement certainly helps.
Below, I’ve collated some of our favorite sources of knowledge and information. The list is by no means exhaustive – there are many more out there. But it’s a good starting point.
The ability to spot patterns is not something that can be picked up from a handbook; it’s more of a mentality that you learn via osmosis. An eager fraud fighter is someone who submerges themselves into this world.
Portals & Blogs
Infrequent activity on these sites means you have to grab your RSS reader or check on them every once in a while – or just spend an afternoon or two going through the archives. They range from industry publications to veritable influencers but if it’s newsworthy and concerns us, it will appear here.
Association of Certified Fraud Examiners
- The ACFE is the world’s largest anti-fraud organization and as such the old-school resource kit.
- Our friends at About Fraud are busy running the industry’s go-to portal, with plenty of content, events, training courses and even a job board.
- Industry veteran Frank McKenna’s blog, with always up to date insights on what’s happening in security worldwide.
- The man. The legend. Brian Krebs. If something breaks, it’ll appear here first.
- Run by Informa, Dark Reading is a news portal specializing in security, with plenty of relevant expert commentary.
- A now defunct substack publication that goes into depth on the various types of fraud & scams out there.
- The blog of Thaddeus Grugq, providing independent commentary on all things cybersecurity
- The identity as a service provider company’s blog is a treasure trove of information.
Podcasts
Podcasts cast a wider net and as such, they deal with less techy stuff, focusing more on the story – as is the tradition of oral storytelling. The closest to what we have as an industry water cooler chat.
- SEON’s very own fraud-focused podcast is currently in its second season, featuring fascinating chats on everything fraud-related with brilliant guests, including fraud analysts and former fraudsters themselves. This podcast aims to provide insights into the psychology of those who attack and exploit systems and discuss true-life examples of the thrills and frustrations of risk management.
- Hosted by Mike Jones, a former hacktivist, the H4unt3d Hacker show looks to break down barriers of entry to the industry and aims to inspire younger people to get stuck into the world of cybersecurity. Find industry interviews, a community on discord, and a magazine all part of its arsenal. Mike has also appeared in an episode of SEON’s podcast.
- Malicious Life educates listeners about how the cybersecurity industry as a whole has transformed over the years, zeroing in on the ‘unknown stories” of times gone by with comments from active hackers, security experts and more.
- Winner of the European Cybersecurity Blogger Awards 2021 Best Podcast award, Jenny Radcliffe brings on board a range of industry leaders to discuss the human element of fraud and cybersecurity. Jenny is a true expert in social engineering, previously being hired specifically by companies to bypass security systems.
- The Dark Money Files is a podcast series run by two UK-based AML experts and aims to explain how dirty money enters financial markets around the world and what the broader consequences are in a conversational manner.
- The Scam Goddess, hosted by US comedian Laci Mosley, is a more relaxed podcast breaking down some of the biggest cons throughout history and updates on some of the latest related news, with other comedians providing backup to her superb research. As the saying goes, if you don’t laugh… you cry.
- Saving the best for last? Jack Rhysider takes his audience on a storytelling journey through the world of cybercrime, highlighting the scary reality of the world wide web, including interviews with active hackers, defenders and subject matter experts.
YouTube Channels
Now ye enter the land of wizards: the hacker community proper. The archives of these channels are worth digging through, as some of these talks and events are legendary. As a fraud/risk manager, you can only get so far in understanding what’s possible, while the hackers will always be there to tell us that there is in fact no spoon, Neo.
- Black Hat is the most respected information security conference on the planet, and their YouTube channel features the best lectures of the events.
- The most recognized hacker convention, annually held in Las Vegas. As you can expect, it features the forefront of things that are either scary or straight up terrifying in cybersecurity.
- The CCC is Europe’s largest hacker association, founded in 1981. They hold an annual conference called the Chaos Communication Congress, and their channel is an archive of the speeches and demonstrations.
- Ethical hacker & penetration tester Heath Maverick Adams’ channel, with a wealth of information regarding infosec.
- Similar to the above, Digital Investigator Benjamin Stricks’s channel is practically its own training course in the field.
Subreddits
You know. Forums. Lurk more.
If we’ve missed something you feel is important, or if you spot something cool that belongs on this list, feel free to throw us a message on any of our social channels!