Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.
posts
The Server Room Door Was Unlocked In 2019, a penetration tester hired by the state of Iowa walked into the Dallas County Courthouse after hours. He accessed restricted areas, took photos of sensitive systems, and demonstrated just how easy it was to bypass physical controls. The exercise ended with him
In 2019, a penetration tester hired by the state of Iowa walked into a locked courthouse after hours simply by following an employee through a secured door. He was arrested — despite being under contract to test exactly that vulnerability. The incident made national headlines and exposed an uncomfortable truth: a
A former employee at a financial services firm in Chicago watched his coworker type her password every morning for two weeks. He memorized it character by character. After he was terminated for performance issues, he used those stolen credentials to access the company's client database from a public
The Sticky Note That Cost a Hospital $1.2 Million A few years ago, I walked into a client's office for a security assessment and found a sticky note on a monitor in the billing department. It had a username, a password, and the name of their patient
A Fortune 500 Company Got Breached by a Phone Call In September 2023, a threat actor called MGM Resorts' IT help desk, impersonated an employee found on LinkedIn, and convinced a technician to reset credentials. The result? Over $100 million in losses, days of operational chaos, and a stock
The CEO Who Clicked the Link In 2024, the SEC charged SolarWinds' CISO with fraud for misleading investors about the company's cybersecurity posture. That case sent a clear message: cybersecurity accountability now sits in the executive suite, not just the IT department. If you're a
A Single Email Cost This Company $47 Million In 2015, Ubiquiti Networks disclosed that attackers impersonating company executives tricked finance employees into wiring $46.7 million to overseas accounts controlled by threat actors. No malware. No zero-day exploit. Just a carefully crafted CEO fraud email scam that exploited trust, urgency,
The CEO Who Wired $47 Million to a Threat Actor In 2016, Austrian aerospace manufacturer FACC fired its CEO after the company lost €42 million (roughly $47 million) in a business email compromise attack. A threat actor impersonated the CEO via email and convinced a finance employee to wire funds
In January 2024, a threat actor used credential stuffing to compromise a test environment at Microsoft — and then pivoted to access senior leadership email accounts for weeks before detection. Microsoft. One of the most well-resourced security organizations on the planet. If it can happen there, it can happen to your
The Breach That Started With a Single Stolen Identity In 2023, a midsize accounting firm in the Midwest lost access to its entire client database — not because of a sophisticated zero-day exploit, but because a threat actor used a partner's stolen credentials purchased on the dark web. The
