Focuses on recognizing and countering manipulation tactics that attackers use to exploit human trust. Covers pretexting, baiting, tailgating, impersonation scams, and organizational defenses such as verification protocols, awareness campaigns, and incident reporting procedures.
posts
A single employee at MGM Resorts answered a social engineering call in September 2023, and within hours a threat actor had enough access to trigger a shutdown that cost the company over $100 million. The attacker didn't exploit a zero-day vulnerability. They exploited a person. That's
The Breach That Cost a Children's Charity Everything In 2023, Save the Children Federation disclosed it had been hit by the BianLian ransomware gang, which claimed to have stolen nearly 7 GB of sensitive data including financial records, medical information, and personal data. A global nonprofit with significant
A $9.5 Billion Problem That Keeps Getting Worse The FBI's Internet Crime Complaint Center (IC3) reported $12.5 billion in cybercrime losses in 2023 — a figure that's only climbed since. If you're searching for answers about cyber security, you're asking the
A Leaderboard Didn't Stop the Breach — But It Helped In 2023, a midsize healthcare provider ran a standard annual compliance video for security training. Completion rates hit 94%. Two months later, a single employee clicked a phishing link that led to a ransomware attack affecting 130,000 patient
A Single Stolen Password Cost This Company $60 Million In 2023, MGM Resorts International was brought to its knees — not by a sophisticated zero-day exploit, but by a phone call. A threat actor called the help desk, impersonated an employee found on LinkedIn, and gained access to internal systems. The
43% of Cyberattacks Target Small Businesses — Most Aren't Ready That number comes straight from the Verizon Data Breach Investigations Report, and it's been climbing for years. In my experience working with organizations of every size, small businesses consistently overestimate their security posture and underestimate their exposure.
In 2023, a single employee's compromised personal phone gave threat actors a foothold into MGM Resorts' corporate network. The resulting breach cost the company over $100 million. The attack didn't start with some sophisticated zero-day exploit — it started with a social engineering call to the
In 2023, Verizon's Data Breach Investigations Report found that 74% of all breaches involved the human element — and mobile devices have become the primary attack surface for exploiting that weakness. I've watched organizations spend six figures on perimeter defenses while their employees check corporate email on
In 2023, a single compromised employee phone at MGM Resorts International led to a social engineering attack that cost the company over $100 million in losses. The threat actors didn't hack a firewall or exploit a zero-day. They called the help desk. That incident is a masterclass in
The FBI Didn't Issue Gmail Warnings for Fun In late 2024, the FBI's Internet Crime Complaint Center (IC3) flagged a sharp escalation in sophisticated phishing attacks targeting Gmail users — attacks so convincing that even security-savvy professionals were getting fooled. By mid-2025, the bureau doubled down, warning
