BattlePhish™ — Gamified Phishing

Roughly speaking, the how… Random split of your org: Team A, Team B. Team A votes on the the phish (from choice 3) and the time it’s sent out (they don’t need the day) They then get to find out how successful they’ve been. Repeat with team B. Next month, randomise again…. Above, is the… Continue reading BattlePhish™ — Gamified Phishing

I socially engineered a social engineer. Here’s how.

Whilst I knew I had put a lot of thought into my pranks, as I edged closer to the infosec industry I did think the ‘prank’ label might not be doing me any favors. I’d gone with ‘EMAIL PRANKSTER’ as it was literally descriptive and added a clown horn to what I was doing, which… Continue reading I socially engineered a social engineer. Here’s how.

Inbox Hypnotism™

It was back in 2017; whilst I was co-writing an article with Dr Ian Levy, the Technical Director at the NCSC, that I first used the term ‘inbox hypnotism’. It seemed to perfectly describe the symbiotic state someone lost within their emails slips into, as their subconscious takes greater responsibility for peripheral processes. Being ‘In… Continue reading Inbox Hypnotism™

Authentic tales from my time as a social engineer + lessons I’ve learnt as a email security professional.

After social engineering my way into the inboxes of White House staff and Banking CEOs I then went to work in email security — it was very much the fairy tail ending. For 3 years I manipulated BEC (Business Email Compromise) cyber-criminals into revealing specific intelligence which was then passed on to global financial institutions… Continue reading Authentic tales from my time as a social engineer + lessons I’ve learnt as a email security professional.