Focuses on recognizing and countering manipulation tactics that attackers use to exploit human trust. Covers pretexting, baiting, tailgating, impersonation scams, and organizational defenses such as verification protocols, awareness campaigns, and incident reporting procedures.
posts
In 2023, a single employee's compromised personal phone gave threat actors a foothold into MGM Resorts' corporate network. The resulting breach cost the company over $100 million. The attack didn't start with some sophisticated zero-day exploit — it started with a social engineering call to the
In 2023, Verizon's Data Breach Investigations Report found that 74% of all breaches involved the human element — and mobile devices have become the primary attack surface for exploiting that weakness. I've watched organizations spend six figures on perimeter defenses while their employees check corporate email on
In 2023, a single compromised employee phone at MGM Resorts International led to a social engineering attack that cost the company over $100 million in losses. The threat actors didn't hack a firewall or exploit a zero-day. They called the help desk. That incident is a masterclass in
In April 2021, researchers discovered a database of 533 million Facebook user records — names, phone numbers, email addresses — freely circulating on a dark web forum. That same month, a compilation of 3.2 billion email-password pairs called "COMB" surfaced, aggregated from years of breaches. Stolen credentials on the
In January 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — a form of account takeover — cost victims over $1.8 billion in 2020 alone. That made it the costliest category of cybercrime by a wide margin. Not ransomware. Not credit card fraud. Account takeover.
Colonial Pipeline. SolarWinds. The Microsoft Exchange Server hack. We're barely halfway through 2021, and the breach headlines already read like a disaster film. Each one of these incidents started with something preventable — a compromised password, an unpatched system, a single employee who clicked the wrong link. The cybersecurity
Colonial Pipeline just paid $4.4 million in ransom to a criminal group called DarkSide — and they had a security vendor. SolarWinds, a company that literally sold security monitoring tools, became the vector for one of the most devastating supply chain attacks in history. If massive organizations with million-dollar security
In May 2021, a single compromised password shut down the largest fuel pipeline in the United States. The Colonial Pipeline ransomware attack disrupted gas supplies across the Eastern Seaboard, triggered panic buying, and cost the company a $4.4 million ransom payment. If you ever needed a reason to define
In March 2021, a single phishing email led to a credential theft incident at a mid-size manufacturing firm in Ohio. The attacker impersonated the CEO, asked the controller to update direct deposit information, and walked away with $1.7 million. The email had two typos, a slightly wrong domain, and
In 2020, the FBI's Internet Crime Complaint Center received 791,790 complaints — a 69% increase over 2019 — with reported losses exceeding $4.2 billion. Small businesses absorbed a disproportionate share of that damage. The Verizon 2020 Data Breach Investigations Report found that 28% of data breaches involved small
