Monday, December 1, 2025

Word of the Month for December 2025: Constitutional Republic v. Democracy

Ever since the election in November 2024, I've been hearing the terms "Constitutional Republic" and "Democracy" getting batted around like beach balls at a Beach Boys concert.  

What is bothersome is that because so many people of importance (self, or otherwise) have been mixing these terms, there is a risk that both or either of the terms will be as generalized and common as "statutes" and "code" (which are NOT the same thing).

Wait, generalized?  What do you mean by that?

Well, certain formerly trademarked terms have, over the years, become so overused that they've become part of the public domain and are no longer protected under Trademark laws.

You've heard these terms but you may not know that what you are saying was once trademarked or otherwise important terms that have become more common over time.  Some better known examples include:

See what I'm talking about?  If nothing is done to ensure that terms like "Constitutional Republic" and "Democracy" maintain their distinctive meanings, then we the people will become no more unique than Jolly Old England (from which we split back in the 1700 's).

So, before we get too far into this, let's define each of these terms.  

A Constitutional Republic is a form of government in which citizens elect representatives to make decisions on their behalf, and the government's power is limited and defined by a written constitution. 

This constitution establishes the fundamental principles and laws, protects individual rights, and outlines the separation of powers among the executive, legislative, and judicial branches to prevent any one branch from gaining too much control.

Key features of a Constitutional Republic include:

  • Elected leaders (including the head of state, often a president) rather than hereditary rulers
  • A system of checks and balances to balance power and prevent tyranny, especially protecting minority rights from majority rule
  • Government authority derived from and limited by the constitution, ensuring rule of law applies equally to all citizens
  • Citizens participate indirectly by voting for representatives rather than directly on all laws, distinguishing it from a direct democracy

A Democracy is defined as: a system of government in which supreme power resides with the people, who exercise that power either directly or through elected representatives under a free and fair electoral system. The term literally means "rule by the people" (from Greek demos "people" and kratos "power").  Essentially, the majority rules.  A person's individual rights are secondary to the majority rule.

Key characteristics of democracy include

  • Popular sovereignty: The people hold ultimate authority and govern themselves.
  • Political equality: Every citizen’s vote or voice has equal weight in decisions.
  • Participation: Citizens participate either by voting directly on laws (direct democracy) or by electing officials to represent them (representative democracy).
  • Rule of law and protection of individual rights: Democracies typically uphold laws that protect freedoms, equality before the law, and minority rights, preventing unchecked majority rule.
  • Mechanisms for accountability: Fair elections, freedom of speech, and peaceful transfer of power allow citizens to hold officials responsible.
The primary difference between the two is that a Constitutional Republic is governed by a foundational document (a Constitution) that limits government power to protect individual and minority rights.  A pure democracy operates on the principle of majority rule with fewer inherent protections for the minority. 

A key problem with mixing up or watering down the terms "Constitutional Republic" and "Democracy" can be problematic is because it obscures critical distinctions that affect how people understand government structure, individual rights, and the protection against majority tyranny.

A pure democracy centers on majority rule which can risk the tyranny of the majority where the majority may impose laws or policies detrimental to historical minorities or to people who don't want to do what the majority wants them to do.

"So what," you might say?  

Even though we are a Constitutional Republic, there are a number of times when Majority Rule (i.e. Democracy) took over, over the years.  For example: if you're old enough to remember, in the 1950's-60's, blacks and Mexicans were regarded as less than due to Majority Rule.  

Railroad companies imported thousands of Chinese workers to build railroads networks that crisscrossed America and then exiled them to slums when the work was done or prohibited Chinese from immigrating to the U.S. due to Majority Rule.  

While those of Japanese descent were carted off to internment camps after the attack on Pearl Harbor, I can't remember any internment camps for those of German descent when Hitler declared war on America - all thanks to Majority Rule.

So, "so, what"?!  The "so what" is that if there is no distinction between "Constitutional Republic" and "Democracy," the vocal minority will overtake the will of the silent majority in no time, flat!

What is particularly annoying is that notwithstanding the important distinction between the two concepts, there are a number of modern politicians who seemingly disregard the importance of the difference between a Constitutional Republic and a Democracy, such as:

Joe Biden (former POTUS)

“We have to defend democracy. That’s who we are as Americans.”
Biden, Speech in Philadelphia, September 2022

“Democracy is on the ballot.”
Biden, November 2, 2022, speech on threats to democracy

“Democracy is more than a form of government; it’s who we are.”
Biden, Inaugural Address, January 20, 2021

Analysis: Biden consistently frames the United States as a democracy in identity and governance, emphasizing threats to “democracy” but not distinguishing it from the U.S. being a constitutional republic.

Kamala Harris (Vice President)

“We must defend our democracy, protect our democracy, and strengthen our democracy.”
Harris, Speech in Selma, Alabama, March 5, 2023

“We are a democracy, and our democracy is strongest when everyone participates.”
Harris, July 2022, National Urban League Conference

Analysis: Harris regularly equates America’s system with “democracy” in public speeches, using it to describe the system itself rather than acknowledging its republican constitutional structure.

Barack Obama (Former President)

“Democracy does not work if people do not vote.”
Obama, Speech at University of Illinois, September 7, 2018

“We are the only advanced democracy that deliberately discourages people from voting.”
Obama, August 28, 2020, eulogy for John Lewis

“Our democracy is at stake.”
Obama, various campaign speeches 2020–2022

Analysis: Obama frequently uses “democracy” as shorthand for the American system and for electoral participation, with no distinction from the structural identity as a constitutional republic.

Nancy Pelosi (Former Speaker of the House)

“We have to fight for our democracy.”
Pelosi, January 6, 2022, Capitol Remembrance

“The sanctity of the vote is the foundation of our democracy.”
Pelosi, July 2021, on voting rights legislation

Analysis: Pelosi consistently frames the U.S. system as “our democracy,” emphasizing voting as its foundation, without reference to constitutional republican principles.

Hillary Clinton (Former Secretary of State)

“Our democracy is under assault.”
Clinton, October 2020 interview with The Atlantic

“We need to protect our democracy.”
Clinton, various campaign appearances 2016–2020

Analysis: Clinton, like other modern Democrats, uses “democracy” to describe the American system, focusing on electoral participation without acknowledging the U.S. as a Constitutional Republic.

OK, OK, enough with the political rhetoric, what I want to know is how distinguishing between a Constitutional Republic and a Democracy actually helps the modern attorney and/or legal system under which we now operate.

As it happens, there are a number of reasons why it is important to distinguish between a Constitutional Republic and Democracy for the modern lawyer.  

Lawyers Operate Under a Constitutional Framework, Not Pure Majority Rule
In a constitutional republic, laws, policies, and government actions must comply with the Constitution.  So, even if a majority of voters or legislators support a law, if it violates constitutional rights (e.g., First Amendment, due process), lawyers can challenge it in court.  This means lawyers can protect minority rights and individual liberties against majority preferences.  
 
For example, even if 80% of voters passed a state law banning certain speech, lawyers can still challenge it as unconstitutional.  In a pure democracy, that law would stand because it reflects the majority’s will.
 
Judicial Review Exists Because We Are a Constitutional Republic
Presently, lawyers have the ability and opportunity to argue constitutional challenges in federal and state courts (e.g., using the Supremacy Clause, the Bill of Rights, the 14th Amendment).  Under a Constitutional Republic, courts have the authority to strike down laws that violate constitutional principles, regardless of how popular the law is. 
 
If we were purely a democracy without constitutional limits, lawyers would have no basis to overturn laws simply because they violate individual rights.
 
Protection of Clients' Rights Against Government Overreach
Lawyers rely on constitutional protections to defend clients against unlawful government action.  For example, in criminal cases, defense lawyers often use the 4th, 5th, 6th Amendments to challenge unlawful searches, coerced confessions, or unfair trials.  
 
Civil rights lawyers use 1st and 14th Amendments to challenge discriminatory laws.  These protections only exist because the Constitution is a higher law than that of the will of the majority.
 
Constitutional Limits Guide Legislative and Executive Actions
Lawyers advising government agencies, legislators, or executives must ensure policies conform to constitutional standards, not just public opinion.  
 
For example, election laws must comply with Voting Rights Act and other constitutional protections.  Also, criminal statutes must meet due process and equal protection standards.
Finally, in a constitutional republic, powers are divided between the federal and state governments as specified in the United States Constitution.  
 
Lawyers use these principles to challenge federal overreach under the 10th Amendment, assert state sovereignty, and determine jurisdictional questions in litigation.  In a pure democracy, there is no guaranteed distribution of powers between federal and state levels.
 
Bottom line is that lawyers function as our last line of defense defending the Constitutional order and our individual rights (like free speech, gun rights, voting rights) - which ONLY exist because we live in a Constitutional Republic.
 
That's the "so what"! 
 
Posted by 0 comments

Monday, November 24, 2025

2 Weeks

Have you ever been fired?

So, picture it - you're cruising through your job, doing your thing aaaaaand you get called in to the bosses office (or HR)
where they tell you you are being terminated.  
 
Consequently,  you are ushered out the door without so much as a how do you do.

Which all seems odd.  Why, you might ask?  Well, why is it employers can terminate you and kick you to the curb THAT DAY (or even within seconds) but you the employee has to give 2 weeks notice before you leave?

I mean, it doesn't seem equitable that employers can do whatever they want but employees have to wait it out for 2 weeks at a place they hate.

Not equitable, at all.

I suspect it comes down to the fact that most states follow an at-will employment relationship.  For our purposes, at-will employment relationship is on where employers can fire you at any time, for any reason, or for no reason at all as long as it’s not illegal (e.g., not because of race, religion, retaliation, etc.).

Conversely, employees can quit at any time for any reason, or with no reason given without legal penalty (unless they have a contract that says otherwise).

Even under an at-will employment relationship, employers cannot terminate you for reasons that violate:

  • Federal or state discrimination laws (race, color, sex, religion, national origin, disability, age, pregnancy, etc.)

  • Retaliation laws (for reporting harassment, OSHA violations, whistleblowing, filing workers’ comp claims, taking protected medical/military leave, etc.)

  • Public policy (firing you for serving jury duty, voting, refusing to break the law).

  • Contracts (union agreements, executive contracts, or even implied promises in handbooks).

While at-will employment relationships exist in most states, there are exceptions to the rule:

Montana (the only true "not-at-will" state):
After a probationary period (usually 12 months unless a contract is in play), employees can only be terminated for "good cause" under the Wrongful Discharge from Employment Act (WDEA).

California
Is an at-will state (under Cal. Labor Code § 2922).  Recognizes implied contracts (i.e. handbooks and policies) that limit firing to "for cause."   Courts are willing to enforce these implied agreements.  Strong public-policy and whistleblower protections are also in play. 

Arizona
At-will by statute (A.R.S. § 23-1501) but recognizes implied-in-fact contracts and public policy exceptions broadly.

Nevada
Similar to California - strong recognition of implied contracts and public policy exceptions.  Even though at-will is the default, these Nevada laws carve out exceptions:

  • NRS 613.330 – Prohibits termination based on race, color, sex, sexual orientation, age, disability, religion, or national origin (discrimination).
  • NRS 613.340 – Prohibits retaliation for opposing discriminatory practices or filing a complaint.
  • NRS 618.445 – Protects employees from retaliation for reporting workplace safety issues (OSHA).
  • NRS 281.370 – Protects public employees from political activity discrimination.

Massachusetts
Recognizes implied covenant of good faith and fair dealing, which can require payment of earned commissions/benefits even if employment ends.  While there’s no single Massachusetts statute declaring “all employment is at-will,” several statutes limit at-will firing:

  • Mass. Gen. Laws Ch. 151B → Prohibits discrimination (race, religion, gender, sexual orientation, disability, age, etc.).

  • Whistleblower Protection Act (Mass. Gen. Laws Ch. 149, § 185) → Protects public employees from retaliation for reporting wrongdoing.

  • Wage Act (Mass. Gen. Laws Ch 149, §§ 148–150) wages, and can’t terminate to avoid payment.

  • Public Policy Exception (Case Law) → Employees can’t be fired for exercising a legally guaranteed right (jury duty, filing workers’ comp, refusing to commit a crime).

New Jersey
Recognizes a broad "public policy" exception (Pierce v. Ortho Phamaceutical, 84 N.J. 58, 417 A.2d 505 (1980)). Terminations that violate public interest may be wrongful.

Delaware
Good faith/fair dealing exceptions recognizes, particularly when employer terminates to avoid paying benefitsDelaware’s at-will presumption is limited by various statutes, including:

  • 19 Del. C. § 711 (Delaware Discrimination in Employment Act)  Prohibits termination based on race, color, religion, sex, sexual orientation, age, disability, genetic information, or national origin.

  • 19 Del. C. § 1703 (Whistleblower Protection Act) Protects employees from retaliation for reporting violations of law.

  • 19 Del. C. § 2365 (Workers’ Compensation Law) Prohibits retaliation for filing workers’ comp claims.

  • Public Employee Protections  Certain public employees (teachers, police, firefighters) have statutory “for cause” protections, not at-will.

So, essentially, an at-will employment relationship says I can quit at any time and employers can terminate me at any time.  So where does the 2 weeks thing come in?

The 2 weeks thing comes into play because, as unwritten rules go, giving 2 weeks notice gives the employer time to find a replacement or transition work, which avoids burning bridges.  Also, employers are more likely to give good references if the employee leaves on good terms.  Finally, some companies have formal policies requiring notice to receive certain benefits (like a PTO payout).

OK, great, but why is there no stigma against employers just drop kicking an employee?  I'd say, it's because usually employers have more capital (i.e. money) and they know they have the upper hand.

I knew one friend of mine who got the boot and was tossed to the curb within mere minutes.  They didn't even let him clear out his desk.  

Why?

When an employer decides to terminate someone, they may want to act quickly (e.g., to protect trade secrets, avoid sabotage, or stop performance issues).  Employers might kick someone out poste haste because paying someone for an extra two weeks when they aren’t needed could be expensive.  An at-will employment relationship gives employers this discretion.

It all sounds so antiseptic but it doesn't take into account that pain-in-the bumpkis that is a result of being terminated without notice.

So, let's get down to brass tax.  MUST an employee give notice before they quit?

 

Short answer, no.  

There's no law saying you have to give notice before leaving.  Of course, unless you have copious amounts of cash just laying around, there is a whole lot of articles on why leaving without notice is not such a good idea like:

  • Future References – If you want to use that job as a reference, leaving professionally may keep that door open.

  • Networking Reputation – Industries can be smaller than they look. Your old boss might know your future boss.

  • Transitioning Benefits – Some companies only pay out unused vacation/PTO if you give proper notice.

  • Avoiding Burning Bridges – If you ever need to come back (or work with them indirectly), a professional exit keeps it from being awkward.

The thing about networking and maintaining future references, I had an instance where a former employer had to ask permission if she could give a reference.  I told her if she has to ask for "permission," don't bother - I'll find someone else.

As to burning brides, so what?  Walking on eggshells all the time is no way to live.  Besides, no employer is big enough to be able to interfere with a former employee's future employment without some consequences.

While at-will employment is prevalent in the majority of the United States, former employees have legal avenues to challenge unlawful interference with their future employment opportunities, such as:

1. Reeves v. Hanlon33 Cal.4th 1140, 94 P.3d 1082, 17 Cal.Rptr.3d 289 (2004) 

  • Summary: The California Supreme Court held that a former employer could be liable for tortious interference with an at-will employment relationship if the interference involved unlawful or unethical conduct, such as misappropriating confidential information or improperly soliciting clients. The court emphasized that while at-will employment is generally terminable by either party, interference with such relationships through wrongful means is actionable.

2. Robinson v. Shell Oil Co.519 U.S. 337, 117 S.Ct. 843, 137 L.Ed.2d 124 (1997) 

  • Summary: The U.S. Supreme Court ruled that Title VII of the Civil Rights Act of 1964's anti-retaliation provisions apply to former employees. In this case, the former employer allegedly provided a negative reference to a prospective employer in retaliation for the employee's prior discrimination complaint. The Court held that such post-employment retaliation is prohibited under Title VII.

3. Pantchenko v. C.B. Dolge Co.581 F.2d 1052 (2d Cir. 1978)

  • Summary: In this case, the Second Circuit Court of Appeals held that an employer's refusal to provide a reference and making disparaging statements about a former employee to prospective employers could constitute tortious interference with prospective economic advantage. The court emphasized that such actions could harm the employee's ability to secure future employment.

4. Rutherford v. American Bank of Commerce565 F.2d 1162 (10th Cir. 1977)

  • Summary: The Tenth Circuit Court of Appeals found that a former employer's actions, including advising prospective employers that the employee had filed a Title VII sex discrimination suit, could constitute tortious interference with prospective economic advantage. The court held that such actions could harm the employee's future employment prospects.

So, let's say you want to quit.  What can you do to convey the message, ensuring that there is no room for doubt for what you are doing, AND you do it in a classy enough way so that everyone leaves with a warm a fuzzy feeling?)?  Well, you can do what this guy did and everyone goes home feeling less funky.


So, whether you're a CEO with a huge golden parachute or a little guy (or gal) with no cash but a whole lot of moxie, know that you don't have to put up with an uppity employer and can just quit and leave whenever you want.

Posted by 0 comments

Monday, November 17, 2025

Old Dog, New Tricks

The other day I was working with a Master Carpenter.  What impressed me was how many tools he had in his shop.  Some I could identify, others not so much.

As an omniscient law librarian, I have many tools at my disposal, too, and have used many legal databases in my time teaching and research law and legal things.

The problem with using legal databases like Westlaw or Lexis or Bloomberg Law or Fastcase, Anylaw.com, etc. is that you (as in the individual) have to come up with a search string(s) that you hope will dig up whatever it is you're looking for.

What is a search string?

While you can always run searches using natural language (like what most people do in Google), a search string typically uses more complex terminology.  It's like it's own programming language and when you get into it, it really helps to narrow down your search results to the point where you can really dial into what it is you actually need.

Formally called Boolean search syntax, a Boolean search syntax uses terms and connectors to help narrow search results.

Boolean search connectors common to most all browsers and legal databases include:

 
 
And if all you're going to use is your common, everyday browsers, these will work great.
 
However, if you're ever going to step up and play with the big dogs, you're going to need to know how to develop a proper Boolean search syntax using one (if not all) of the more powerful legal databases.
 
My personal favorite legal database is Westlaw.  Powerful, tons of features and, best of all, easy to teach and use.  A bit on the pricey side if you're looking to get personal access, but it is hands-down the best resource when it comes to searching all things legal.
 
Back in the day, I was pretty good at developing my own search strings.  When I got stumped, I'd waste not a second and call 1-800-Westlaw and speak with a Reference Attorneys (bunch of lawyers who ate, slept and lived Westlaw 24/7) to get help drafting a search query.
 
However, with the advent of Artificial Intelligence (aka AI), coming up with a search string is easier.  So, let's say I searching in Westlaw for caselaw for/to:
Create a search string using terms and connectors seeking cases since 2015 where an amusement or theme park was held liable for injuries to guests
In this case, I used Chatgpt and retrieved the following result:
("amusement park" OR "theme park" OR "water park") /p (guest OR patron OR visitor OR invitee OR customer OR "paying customer")
AND (liab! OR "held liable" OR "found liable" OR "liable for" OR "judgment for plaintiff" OR "verdict for plaintiff") /s (injur! OR accident OR mishap OR death OR "wrongful death" OR harm OR "personal injury" OR "bodily injury" OR "catastrophic injury" OR "traumatic injury" OR "fall injury" OR "ride injury" OR "slip and fall")
AND (neglig! OR "duty of care" OR "breach of duty" OR "premises liability" OR "premises defect" OR "failure to warn" OR "inadequate security" OR "inadequate maintenance" OR "dangerous condition" OR "attractive nuisance") /p ("amusement park" OR "theme park" OR "water park") DA(aft 01-01-2005)

So, here we have a number of connectors like:

  • OR (give me A or B; more expansive)
  • AND(give me A and B (more restrictive)
  • /p (A within the same paragraph as B - expansive)
  • /s (A within the same sentence as B - bit more restrictive)
  • ! (acts as an extender.  So, Act! retrieves Act, Acts, Acting, Acted, Acted, Actor, Actress...)
  • ( ) (keeps related concepts together)
  • "  "  (returns two or more words together in a certain sequence)
  • DA (refers to a date filter)

With a date filter of 2015-2025, we'll see things we are looking for.  Or, at lease we can get to a starting point.

Lexis is another legal database.  Not my favorite as it is a pain to teach and it is still has some clumsy elements.

Using the same criteria as above (create a complex search string using terms and connectors seeking cases since 2015 where an amusement or theme park was held liable for injuries to guests) and using Chatgpt, our search string looks like:

("amusement park" OR "theme park" OR "water park") w/15 (guest OR patron OR visitor) AND (liability OR "held liable" OR "found liable" OR "judgment for plaintiff") w/15 (injury OR injuries OR accident OR death OR "wrongful death" OR harm OR "personal injury") AND (negligence OR "duty of care" OR "premises liability" OR "attractive nuisance") AND NOT ("judgment for defendant" OR "defense verdict" OR reversed)

Again we have a number of connectors like:

  • AND (A and B - less restricted)
  • OR (A or B - more restricted)
  • AND NOT (A but don't include any results with B - even more restricted)
  • w/# (I want A within a certain number of words)
  • (  ) (keep this cluster of terms together
  • "  " (I want these words in just this order)

Also to note is that Chatgpt added some legal terms like "premises liability," "attractive nuisance," and "wrongful death" suggesting that it is trying to give additional suggestions as users conduct a search.

Note also that this search query isn't as long or complex as the one for Westlaw.  That doesn't mean it's wrong or anything - it's just different and it's how Chatgpt interpreted what I was asking.  Change the query, and I'd get another result.

The bottom line here is that AI had really changed how law people work.  No longer do we have to hunt and peck around hoping to hit pay dirt.  Now we have AI search engines which help to cut down the time that is used to take to get started.

Posted by 0 comments

Monday, November 10, 2025

Penny Pinchers, Unite!

Once upon a time, I lived in the big sky country (i.e.Montana).  Beautiful.  Majestic. Lots of open road, hunting, fishing, camping - Montana has a little bit of everything when it comes to the great outdoors.

While I was living in Montana, a story came over the news wire about two guys who went out hunting deer.  Seems they had collected deer tags from a couple dozen people in the town where they lived and had shot a whole lot of deer.  

Turns out they shot more deer than they had tags so they buried the ones that didn't have tags under the ones that did hoping Fish and Game Wardens wouldn't be catch them.

Sensing something was wrong when a trailer full of deer drove by, Fish and Game actually did go through all the deer, found the un-tagged deer aaaaaand confiscated the who kit and caboodle.

So, why am I telling you about this?  The other day as I was standing in line to buy a single bottle of soda and I had the priviledge of standing in line behind a, extreme couponer.  

You know (or have heard) of the type.  

They collect hundreds of coupons and dole them out when they buy stuff so that at the end they only have to pay pennies on hundreds of dollars of stuff.

Well, Couponer is going through all their coupons.  Manager is getting upset.  I mean, Couponer must have had three hundred coupons and Manager was checking each one careful enough that he started noticing something fishy.


Legitimate extreme couponers can sometimes get bills down to pennies, but only when:

  • The coupons are valid and stackable under store policy.
  • There are simultaneous sales and rebates.
  • The store accepts multiple coupons per transaction.

So, after Couponer has gone through a couple hundred coupons, Manager starts to notice that the dates on some of the coupons were off by a couple months.  

I suspect Manager normally ignores such things to maintain good standing in the community but in the case of someone using hundreds of fake or misapplied coupons, that’s fraud - even if the register “takes” them at checkout.  

In case you're wondering, coupon fraud is the intentional misuse, alteration, counterfeiting, or unauthorized reproduction of coupons—paper, digital, or mobile—in order to obtain goods or services for free or at a reduced price in a way that violates the coupon’s terms and conditions, store policy, or applicable law.  

In other words, it’s using coupons deceptively to secure savings you’re not entitled to.

So, picture it: Couponer has gone through a couple hundred coupons and Manager sees that Couponer has included a couple dozen out of date coupons.  Good faith or not, Manager points out the discrepancies, Couponer feigns ignorance, Manager voids the entire transaction and kicks Couponer out of the store aaaaaaand I finally got to buy my soda.

While I don't know if what Couponer did rose to the level of fraud, I guess the moral to the story is, if you think you're going to get away with something, best to have all your ducks in a row and not annoy the manager, the cashier, or the guy behind you who is just trying to buy a soda.

Posted by 0 comments

Monday, November 3, 2025

Word of the Month for November 2025: Social Engineering

Have you ever gotten emails from people you've never met asking for information that you don't think you should give out?

Maybe a "friend" casually asks you for your user name/password to see what funny stuff you've posted on social media.  

Maybe you're searching online at work when, out of the blue you get an email or text from someone you don't know about something like:

Subject: Urgent: Your Amazon account has been compromised! 

Dear Customer,

We have detected suspicious activity on your Amazon account. To protect your information, please verify your account by clicking the link below:

[Link: Verify your account here: malicious-amazon-login.com] Failure to verify your account within 24 hours will result in account suspension. 

You click the link, you computer screen starts to flicker and it shuts off....OR 

Nothing happens but a few days later you discover that your username/passwords have been changed making it impossible to  access any of the accounts stored in your account manager (you know, where you have been storing your usernames/passwords for the last few years), OR

You get a visit from IT/HR saying that email you clicked from someone you've never met or heard of released a virus into the computer network and it's going to cost the company hundreds of thousands of dollars to fix and, oh yeah, you're fired.

Ever happen to you?   If this scenario has happened to you, you, my friend, have become a victim of social engineering.

I remember one time years before the word "social engineering" was even coined, I got a call from an official sounding guy.  There were sounds of people talking in the background, typewriters going, secretaries taking dictation, and such.  

Sounded legit.

Guy started in asking me questions like can I spell my name, where I lived, how old I was - that sort of thing.  Then he asked for my social security number.  

Just as I started to say the first number, something caught my attention and I'm like why do you need my SS#?  He started saying something and I got the BS feeling in my gut and hung up.

Don't know what the BS feeling is?  Essentially, it's if it looks like a duck and flies like a duck but smells like Bulls**t, it's probably not a duck.

Anyway, turns out social engineering happens to LOTS of people and organizations worldwide.  In fact, globally, social engineering attacks (including phishing, impersonation, etc.) cost businesses approximately $4.8 billion in 2024—up from about $4.2 billion in 2023.

Wait, what?!

Before we get too deep into this, let's define what Social Engineering is:  
Social engineering is a trick used to fool people into giving away private information or doing something they shouldn’t, usually by pretending to be someone they're not in order to gain the  trust of their victim(s).
Social engineering manipulates or deceives people into divulging confidential information or performing actions that compromise security (either to the private individual or a corporation).  It often relies on psychological manipulation - exploiting human emotions and instincts rather than technical vulnerabilities (like what you might expect from a computer hack). 

The success of social engineering lies in the fact that humans are prone to error and therefore fall for manipulative tactics. According to a social engineering attacks survey, “Social engineering attacks are one of the insidious and pervasive threats that compromise the individual’s privacy and security.  These malicious strategies exploit an individual’s tendency to trust digital resources...One of the primary causes of social engineering attacks is human error and emotional responses to factors such as greed, fear, empathy, and curiosity.” 

Social engineering is often the gateway to technical breaches (e.g., phishing leads to ransomware), but it doesn’t always get the credit—or blame—it deserves. It's less flashy, more human, and harder to track.  So, while attacks on computer systems get better press, using social engineering is often more readily employed as it is easier to exploit human weaknesses such as trust, a sense of safety, and the tendency to help others or seek the most convenient path than to go to all the trouble of hacking a computer network.

So, what are some of the more popular ways social engineering happens?

1. Phishing

Fake emails, texts, or messages that look legitimate but trick you into clicking links, downloading malware, or entering personal info.

Example: You get an email that looks like it’s from your bank, asking you to “verify your account.”

 2. Vishing (Voice Phishing)

Phone calls where someone pretends to be from tech support, a bank, or government agency to get sensitive info.

Example: “This is Microsoft. We’ve detected a virus on your computer…”

 


 3. Smishing (SMS Phishing)

Phishing via text messages. Usually includes a suspicious link or urgent message.

Example: “Your package is delayed. Click here to reschedule delivery.”

 4. Pretexting

The attacker creates a fake identity or situation (a “pretext”) to get you to trust them and share info.

Example: Someone pretends to be HR asking for your Social Security number to “update your file.”

 5. Impersonation

The attacker pretends to be someone you know or someone in authority (like a boss or IT support).

Example: A “CEO” emails asking you to urgently wire money for a business deal.

 6. Baiting

Luring someone with a tempting offer—like free software, a USB drive, or music downloads—that actually contains malware.

Example: A USB drive labeled “Employee Salaries” left in a company parking lot.

 7. Tailgating / Piggybacking

Physically following someone into a restricted area by pretending to be an employee or visitor.

Example: “Oops, I forgot my badge—mind holding the door?”

 8. Quid Pro Quo

Offering a service or benefit in exchange for information.

Example: “I’ll fix your printer if you give me your login credentials.”

These methods all rely on exploiting human trust, fear, curiosity, or helpfulness—not just technology. That’s what makes social engineering so powerful and dangerous.

So, how might a social engineering attack  play out in real life:

Scenario: "The IT Support Scam"

Target: An employee at a company
Attacker’s Goal: Gain login credentials to the company’s internal system

  1. Pretext (The Setup)
    The attacker calls the employee pretending to be from the company’s IT department.

    "Hi, this is Mike from IT. We’re doing urgent maintenance on the login system, and I noticed your account has been flagged."

  2. Creating Urgency and Trust
    The attacker uses technical jargon and time pressure.

    "If we don’t fix this now, your access could be locked and flagged for audit. I can help you reset it quickly."

  3. Information Gathering
    The attacker asks a few harmless-seeming questions to gather details:

    "Can you confirm your username and the last four digits of your employee ID?"

  4. Exploitation
    Then comes the real request:

    "Now I just need your current password to manually reset the system on our end. After that, I’ll send you a temporary one."

  5. The Hook
    The employee, stressed and believing they’re helping IT, provides the password.

  6. Execution
    The attacker immediately logs into the employee's account and accesses sensitive company data or plants malware.

What just happened?  The attacker didn’t hack any system—they hacked human trust. That’s social engineering in real time: manipulating someone into voluntarily giving up secure information.

Have you ever had this happen to you?  I'll bet it has but you didn't know it. 

So, what can you do to protect yourself?  Turns out there are a number of things you (or your company) can do to prevent (or, at least, delay the inevitable attack), like:

Recognize the warning signs

  • Unexpected phone calls. If you get a call you weren’t expecting, especially if the caller says they’re from a bank, insurance, or an IT company, chances are it’s a phishing attempt. 
  • Suspicious email sender’s address. If something feels off about an email you got, always check the sender’s email address because it may be a spam email.
  • Unusual requests from someone that you may know. If your boss or a manager contacts you with urgent requests for money, credentials, documents, and other information when they've never done that before, it could be a phishing attempt. Always verify.
  • Urgent requests or demands. Phishing attempts have a sense of urgency to them, such as “pay now” or “act quickly,” all designed to make you feel pressured, distracted, and overwhelmed into acting NOW!
  • Unexpected links or attachments. Do not open attachments or click on links in emails you were not expecting. They could be malicious, and lead to dangerous sites. 
  • Unusual layout and spelling. Incorrect grammar and spelling, strange sentence structure, and inconsistent formatting are strong indicators of a phishing attempt. 
  • Generic greetings/signature. Greetings that don’t include your name, such as “Sir/Maam,” and signatures without contact information (or contact information that does not make sense) are strong indicators of a phishing email. 
  • Offers that seem too good to be true. If an offer seems too good to be true, such as large amounts of money for seemingly useless information, it could be a phishing attempt.
  • Requests on social media from someone you don’t recognize. Be wary of messages from people or entities you don’t know.

Implement multi-factor authentication

Multi-factor authentication, specifically phishing-resistant MFA, is a security method that requires users to verify their identity using two or more different types of proof, like a password and a code sent to your phone. The requirement of two or three extra steps lowers the risk of a breach even if attackers already have your credentials.

Train employees on awareness

Regular organization-level training is important to ensure the safety of your employees and data. Employees should be informed about and be taught to use defensive measures such as multi-factor authentication, the importance of  the use of strong passwords, and the use of firewalls.

Operate under the zero-trust mindset

Essentially, don't trust anyone. Always assume all incoming communications are social engineering attempts, and proceed with caution.  Always be looking for clear evidence that the message is legitimate.

Avoid sharing personal information online

Monitor your social media profiles keeping them private and ONLY share access with people you know personally. 

Like  the old timey radio show The Shadow instilled in baby-boomers everywhere: Who knows what evil lurks in the hearts of men? 

Who, indeed!?

Your best bet is to keep your personal information close to your vest and trust no one because everyone is out to get you (insert evil laugh, here).
Posted by 0 comments
Subscribe to: Comments (Atom)