Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.
posts
When the FBI Tells You to Pay Attention, Pay Attention In late 2024, the FBI issued a stark public service announcement warning that threat actors are leveraging generative AI to craft highly convincing phishing campaigns — and Gmail's 1.8 billion users sit squarely in the crosshairs. The FBI
A Phone Call From "Google" That Wasn't Google at All In late 2024, a Gmail user received a phone call from what appeared to be a legitimate Google support number. The caller warned of suspicious account activity, walked them through a fake recovery process, and captured
One Phishing Email Cost This Company $100 Million In 2019, a Lithuanian man named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than fraudulent invoices and carefully crafted phishing emails. He impersonated a legitimate hardware vendor, sent fake invoices to accounts payable
In 2024, the FBI's Internet Crime Complaint Center (IC3) reported that phishing was the most frequently reported cybercrime — again. Over 193,000 complaints were filed for phishing alone, and the real number is far higher since most incidents go unreported. I've spent years watching organizations get
The Fake Mail That Drained $37 Million In 2024, Toyota Boshoku Corporation disclosed a business email compromise attack where a threat actor used fake mail to trick a finance executive into wiring approximately $37 million to a fraudulent bank account. The email looked legitimate. The sender address was nearly identical
The $4.88 Million Email That Looked Completely Normal In 2024, IBM's Cost of a Data Breach Report pegged the average breach cost at $4.88 million — a record high. And phishing remained the most common initial attack vector. I've investigated dozens of these incidents firsthand,
Your Old AIM Email Address Is a Bigger Problem Than You Think In December 2017, AOL officially shut down AIM — AOL Instant Messenger — after 20 years of operation. Millions of users shrugged and moved on. But here's what most people didn't consider: their old AIM email
In March 2024, a finance director at a mid-size manufacturer in Ohio received an email from what appeared to be the company CEO. The message asked for an urgent wire transfer to close a confidential acquisition. The email looked flawless — correct logo, matching font, even a convincing signature block. She
Your Inbox Is a Buffet — And Threat Actors Are Cooking In March 2023, the FBI's Internet Crime Complaint Center reported that phishing was the number one crime type by victim count for the fifth year running, with over 298,000 complaints in a single year. Every one of
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the most reported cybercrime category for the fifth year running. That's not a number on a slide deck. That's hundreds of thousands of real organizations bleeding money,
