Guides and insights on using phishing simulation training to test and strengthen employee resilience against social engineering attacks. This tag covers simulation platform selection, campaign design, result analysis, and strategies for turning simulated exercises into lasting security behavior changes.
posts
The Trojan Horse You Already Installed In March 2024, a lone developer named Andres Freund noticed something odd: SSH connections were taking 500 milliseconds too long. That curiosity uncovered the XZ Utils backdoor — a sophisticated supply chain attack where a threat actor had spent two years building trust as a
In March 2025, a mid-size accounting firm in the Midwest lost $2.1 million after a single employee clicked a spoofed DocuSign link during tax season. The firm had antivirus software. They had a firewall. What they didn't have was phishing simulation training — the one layer of defense
In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started the same way almost all
A Single Click Cost One County $1.3 Million In March 2022, Bernalillo County, New Mexico was still recovering from a ransomware attack that started with what investigators believe was a phishing email. The county had to close government buildings, delay jail proceedings, and shut down key services. The remediation
In March 2021, a single phishing email led to a credential theft incident at a mid-size manufacturing firm in Ohio. The attacker impersonated the CEO, asked the controller to update direct deposit information, and walked away with $1.7 million. The email had two typos, a slightly wrong domain, and
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered their way past the help desk with a single phone call. One conversation. No malware payload, no zero-day exploit, no sophisticated code. Just a human being who wasn't prepared for the moment. That'
