Case Studies

Red Goat Cyber Security was founded to promote insight into real-world attacks and leverage this knowledge to help organisations enhance their defences against the current attack landscape.

Social engineering has proved to be one of the most prolific and effective means of attacking organisations of all sizes. It is an attack vector that is growing rapidly. Your staff need to be able to identify and defend against attempted attacks.

These cyber crime case studies highlight real-world tactics, helping to equip your staff to play their part in defending your company against social engineering and other forms of cyber attack.

Can I borrow your swipecard?

This case involves an accountancy firm based in South East England.  The firm had just lost a big client and as a result had to make some cuts which included letting a few members of staff go. Jamie had been one of these staff members.  He was disgruntled to say the least.  He’d expected better […]

Stay calm and (don’t) pay the hackers

This social engineering case study highlights how attackers can use curiosity, urgency and fear to manipulate victims into breaking company protocols and get a finance employee to willingly transfer £152,000 into the attackers' bank account. Miranda worked in Finance for Troy Ltd. One morning she received an email with the subject line “Urgent C.V resend: FAO […]

The enthusiastic law student

This case involves a law firm based in the south of England.  The firm was of a reasonable size and, like most law firms, held a lot of very sensitive customer data. One morning one of the solicitors received a Facebook message purporting to be from a young law student.  The message read: “Dear Jennifer, […]

As you might expect, many cases leverage social engineering to commit some kind of banking fraud, and banks are increasingly unwilling to refund monies where social engineering of staff has led to the financial loss. Training can both help to manage the risk of cyber crime and potentially reduce fines under GDPR, as companies that cannot show measurable compliance risk heavy fines. The ICO explicitly states that organisations should train their staff to be aware of phishing, vishing & impersonation attacks as part of their data protection training.