Learn how phishing simulation exercises help organizations test employee readiness against real-world email attacks. This tag covers simulation design, campaign metrics, benchmarking results, and using simulated phishing to continuously improve organizational resilience to social engineering threats.
posts
In March 2022, threat actors used a simple phishing text message to breach Okta through a third-party contractor, Sitel. That single compromised credential gave attackers access to internal systems supporting thousands of Okta's customers. The attack didn't require sophisticated malware or a zero-day exploit. It required
In January 2022, the Red Cross disclosed that a cyberattack compromised the personal data of over 515,000 vulnerable people — victims of conflict, missing persons, detainees. The attack vector? A threat actor exploiting an unpatched vulnerability, combined with social engineering techniques that went undetected for weeks. It's a
A Single Phish Took Down a $4 Billion Pipeline In May 2021, a single compromised password — likely harvested through a phish or credential reuse — gave attackers access to Colonial Pipeline's network. The result: a ransomware attack that shut down 5,500 miles of fuel pipeline, triggered gas shortages
In May 2021, a single phishing email led to the shutdown of Colonial Pipeline — the largest fuel pipeline in the United States. The attackers used compromised credentials, likely harvested through a phishing campaign, to deploy ransomware that disrupted fuel supply across the entire East Coast. That one email triggered panic
The Colonial Pipeline Just Proved Your Software Isn't Enough On May 7, 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline's systems went dark, gasoline shortages spread across the Southeast, and a ransomware gang called DarkSide walked away
The Colonial Pipeline Attack Started with a Single Compromised Credential As I write this, Colonial Pipeline is still scrambling to restore fuel delivery to the southeastern United States after a ransomware attack that shut down 5,500 miles of pipeline. The FBI confirmed DarkSide as the threat actor. While the
In 2023, MGM Resorts lost roughly $100 million after a threat actor called a help desk, impersonated an employee found on LinkedIn, and talked their way past security controls. No zero-day exploit. No nation-state malware. Just a phone call. That incident crystallized something I've been telling organizations for
One Click Cost This Company $100 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phone call and a phishing email. Threat actors from the Scattered Spider group used social engineering to gain access, eventually deploying ransomware that disrupted operations
A Single Click That Cost $100 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phishing attack that started with a phone call to an IT help desk. Threat actors from the Scattered Spider group used social engineering to impersonate
