When American Express’s machine-learning detectors spot a suspicious transaction, the company may send a one-time verification code to make sure you’re really you, and you really want to buy those 25 Stanley Cups.

Tina Eide, EVP of global fraud and risk management at Amex, has noticed that threats actors have turned up their social game and have gotten better at sucking up that temporary credential right into their tumbler.

“Social engineering has become very prevalent. Leveraging the customer and reaching out to the customer, and almost getting them involved unknowingly, is really a trend at the moment,” Eide told us.

Eide shared her advice for consumers and spoke about authentication factors the company is exploring in 2025.

This conversation has been edited for length and clarity.

What is a typical example of social engineering for Amex?

The social engineering is really focused on getting that one-time password. It’s my number one piece of advice for customers: Protect that one-time password. It is a dynamic password. It’s unique for that situation only, and when we send it to you, we send you context. We tell you that “This password is for a transaction at this merchant,” or “This passcode is so that you can add your card to your digital wallet.” What’s happening is customers are not necessarily reading all of the text. They may be on the phone with somebody who’s pretending to be from a financial institution, or pretending to be from a merchant asking for that, and the customer just grabs the number and reads it off.

Read the rest here.—BH

Recent data from tech recruiting firm Karat shows the job market for software engineers is “poised to rebound after a period of uncertainty,” although potential employers got pickier this year.

In 2024, according to Karat’s annual tech hiring trends report, respondents indicated the average technical interview score required to get a job increased by 12% year over year—indicating “increased importance on hiring consistency and improving the quality of hires.” From 2023 to 2024, US engineering leaders also reported higher satisfaction with engineering performance (53% to 63% “very satisfied”) and confidence in meeting hiring targets (45% to 57% “very confident”).

According to Gordie Hanrahan, senior director of communications at Karat and lead researcher on the report, engineering leaders appear to be ending the roughly two-year pause in technical hiring.

“Software engineers are being valued higher than ever in terms of the ROI that they deliver companies,” Hanrahan told IT Brew, but potential employers have been changing focus on their technology goals.

Engineering leaders said they had increased the priority of hiring for every single category of engineering role—including AI engineer, full-stack developer, and cloud architect—with the sole exception of blockchain engineer, which saw a minor YoY decrease.

“People are looking to fill a lot of these roles that had been a little bit left out last year,” Hanrahan said.

Read more here.—TM

If you’re a cybersecurity professional, odds are you’ve worked alongside experts in a number of fields. Security is so tied up in day-to-day operations that it’s nearly impossible for IT teams to stay in their bubble.

One type of professional you might run into is someone from insurance—like Nadine Moore, managing director and partner at Boston Consulting Group. Moore combines her insurance expertise with cybersecurity knowledge.

“Working in an industry based on risk, having a network [or] systemic thinking frame in that sector, and then having a lot of technology experience brought me to this place where I’m oddly qualified to do my job,” she told IT Brew in December.

Background information. Insurance has been top of mind for some IT execs as costs are rising in the face of increased attacks. As IT Brew reported, a recent report from Coalition, a provider of cyber insurance, raised concerns over the cost of a spike in ransomware breaches.

IT Brew spoke to Moore last year at CES, where she explained that institutions looking to prioritize security will need to put their money where their mouth is. “You need to take a fresh look at, ‘What am I doing? Am I getting the risk-return trade-off for those investments? And now that I have these new things I have to think about, if I have $1, where am I going to put it?’” Moore said at the time.

IT bio. A former network engineer, Moore was already working in the insurance industry when she became interested in cybersecurity. Around nine years ago, she told IT Brew, she was offered the opportunity to work on improving security at the company she was working for; her first project was testing the NIST framework of the company’s controls with a red team. The experience had her hooked.

Keep reading here.—EH