Examines how behavioral psychology principles intersect with cybersecurity awareness and decision-making. Articles explore why people fall for social engineering, how habits influence security behavior, and evidence-based techniques organizations can use to foster lasting security-conscious cultures among employees.
posts
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. But here's what the raw numbers don't tell you: every single one of those incidents started with a
In March 2025, a finance director at a mid-sized manufacturing company wired $2.3 million to a bank account in Southeast Asia. The request came from what looked like the CEO's email — same signature, same tone, same thread about an acquisition they'd been discussing for weeks.
A Single Click Cost One Company $100 Million In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing but phishing emails. No zero-day exploits. No advanced malware. Just carefully crafted messages that exploited human psychology. If you want to
A Single Email Cost This Company $121 Million In 2019, a Lithuanian man was sentenced to five years in prison for phishing Google and Facebook out of over $121 million. His method wasn't a zero-day exploit or cutting-edge malware. It was emails. Carefully crafted, psychologically precise emails that
A Pipeline Went Dark — Because One Person Clicked On May 7, 2021, Colonial Pipeline — the largest fuel pipeline in the United States — shut down operations after a ransomware attack. The disruption caused fuel shortages across the southeastern U.S. and triggered panic buying. While the full forensic details are still
Updated for 2026 A Single Email Cost This Company $121 Million In 2019, Rubin Schron's Cammeby's International Group wired $121 million to a fraudulent account after receiving what appeared to be a routine email from their attorney. The email was a phish. No malware. No zero-day
