Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.
posts
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. But here's what the raw numbers don't tell you: every single one of those incidents started with a
In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than a series of fake email messages. He impersonated a legitimate hardware vendor, sent invoices from a lookalike domain, and two of the most technologically sophisticated companies on
Your Employees Are Hungry — And Threat Actors Are Cooking In 2023, the FBI's Internet Crime Complaint Center (IC3) logged over 298,000 phishing complaints — more than any other cybercrime category for the fifth year running. That's nearly 817 reported phishing attacks per day. And those are
A Single Email That Cost $100 Million In 2019, Toyota Boshoku Corporation lost $37 million after an employee followed wire transfer instructions in a fraudulent email. Facebook and Google collectively lost over $100 million to a Lithuanian threat actor who sent fake invoices posing as a hardware vendor. These aren&
Your Employees' Phones Are Under Siege In March 2024, MGM Resorts was still reeling from one of the most expensive social engineering attacks in corporate history — one that started with a phone call, not an email. That incident cost the company over $100 million. And it's not
One Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee found on LinkedIn, and gained access to the company's entire network. The result: over $100 million in losses, days of disrupted operations,
The Typo That Costs Billions: Why "Phising" Lands You Here Here's something I find fascinating — "phising" is one of the most commonly misspelled cybersecurity terms on the internet. If you searched for it, you're in exactly the right place. Phishing (with the
The Breach That Changed How I Think About Cyber Security In February 2024, Change Healthcare suffered a ransomware attack that disrupted insurance claims processing for millions of Americans. UnitedHealth Group confirmed paying a $22 million ransom. The attack vector? Stolen credentials on a system that lacked multi-factor authentication. One missing
A Poster on the Breakroom Wall Never Stopped a Breach In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, impersonated an employee found on LinkedIn, and talked their way into the network. No zero-day exploit. No nation-state malware. Just a phone call.
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called a help desk, impersonated an employee found on LinkedIn, and talked their way into the network. No zero-day exploit. No nation-state tooling. Just a phone call. If you want to understand what causes a data breach,
