Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.
posts
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated category of fake email — caused adjusted losses exceeding $2.9 billion in a single year. That wasn't from exotic zero-day exploits. It was from emails that looked real but weren'
In 2024, MGM Resorts lost an estimated $100 million after a threat actor called a help desk, impersonated an employee, and gained access to internal systems. The initial vector? A social engineering call informed by information harvested through phishing. One phone call. One convincing story. Nine figures in damages. If
10,000 Malicious Domains and Counting In early 2025, the FBI issued a stark public warning about a massive smishing campaign — fraudulent SMS text messages — targeting Americans across all 50 states. The FBI warning on smishing texts wasn't routine. It described a coordinated operation leveraging more than 10,
Your Search for a Phish Setlist Could Land You on a Hacker's Hook Last summer, a colleague of mine — a die-hard Phish fan — searched for a phish setlist from a recent show at Madison Square Garden. He clicked what looked like a legitimate fan site. Within seconds, his
They Don't Just Send One Email — They Run a Phish Tour In 2023, the FBI's IC3 received over 298,000 phishing complaints, making it the most reported cybercrime category for the fifth consecutive year. But here's the part that doesn't make the
In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call to their help desk. The total cost exceeded $100 million. The attacker didn't exploit a zero-day vulnerability or crack military-grade encryption. They impersonated an employee found
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the single most reported cybercrime for the fifth consecutive year. Yet when I ask executives what phishing actually is, most give me a vague answer about "fake emails." That&
In 2023, a finance employee at the multinational firm Arup wired $25 million to threat actors after a deepfake video call that spoofed the company's CFO and several colleagues. Every face on the screen was fake. Every voice was synthesized. The employee had no reason to doubt what
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider used a spear phishing phone call to trick a help desk employee into resetting credentials. One call. One employee. One hundred million dollars. That's not a bulk spam campaign — that's
A Single Spoofed Email Cost This Company $46.7 Million In 2016, FACC Operations GmbH, an Austrian aerospace parts manufacturer, lost €42 million (roughly $46.7 million USD) after attackers sent a spoofed email impersonating the company's CEO. The finance department wired the money to accounts controlled by
