A phishing thief’s playbook is essentially the same as that of a street con artist running a three-cardmonte hustle: pure deception. When asked what he would say to CISOs who ask how to successfully defend against all phishing attacks, the CIO of a Wall Street investment house focuses on the healthcare space, pauses for a moment, then responds knowingly.