In-depth coverage of social engineering tactics used by attackers, including pretexting, baiting, tailgating, and spear phishing. Articles explain how these manipulation techniques exploit human psychology and provide actionable defenses organizations can deploy to protect their people and data.
posts
The FBI Gmail Alert That Changed the Threat Landscape In late 2024, the FBI issued a stark public service announcement: sophisticated phishing campaigns were actively targeting Gmail's 1.8 billion users, and the attacks were so convincing that even security-savvy professionals were falling for them. By 2025, the
The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past help desk staff with a ten-minute phone call. The attackers didn't exploit some exotic zero-day. They exploited a human being
A Single Phish Took Down a $4 Billion Pipeline In May 2021, a single compromised password — likely harvested through a phish or credential reuse — gave attackers access to Colonial Pipeline's network. The result: a ransomware attack that shut down 5,500 miles of fuel pipeline, triggered gas shortages
In May 2021, Ireland's Health Service Executive got hit with a Conti ransomware attack that started with a single phishing email. One employee opened one malicious Excel attachment, and the entire national healthcare system went offline for weeks. That's the real-world weight behind the phishing meaning
In May 2021, a single phishing email led to the shutdown of Colonial Pipeline — the largest fuel pipeline in the United States. The attackers used compromised credentials, likely harvested through a phishing campaign, to deploy ransomware that disrupted fuel supply across the entire East Coast. That one email triggered panic
In July 2021, a single phishing email led to a ransomware attack that shut down fuel deliveries across the entire U.S. East Coast. The Colonial Pipeline breach started — like most breaches do — with a compromised credential. If one employee had known how to spot phishing emails, $4.4 million
A $900,000 FTC Settlement Started with a Fake Identity Website In 2020, the FTC took action against operators running deceptive websites that harvested personal information under the guise of offering government services. Consumers thought they were applying for benefits or retrieving official documents. Instead, their Social Security numbers, dates
The FBI Keeps Warning About Gmail — And Most People Keep Ignoring It In 2020, the FBI's Internet Crime Complaint Center (IC3) received 791,790 complaints — a 69% increase from 2019. A staggering number of those complaints involved business email compromise, phishing, and credential theft targeting popular email platforms.
The Colonial Pipeline Attack Started with a Single Compromised Credential As I write this, Colonial Pipeline is still scrambling to restore fuel delivery to the southeastern United States after a ransomware attack that shut down 5,500 miles of pipeline. The FBI confirmed DarkSide as the threat actor. While the
In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, the attacker hijacked accounts belonging to Barack Obama, Elon Musk, and Apple — tweeting a Bitcoin scam to millions. The breach didn't start with a sophisticated exploit or zero-day vulnerability. It
