Case Studies

Red Goat Cyber Security was founded to promote insight into real-world attacks and leverage this knowledge to help organisations enhance their defences against the current attack landscape.

Social engineering has proved to be one of the most prolific and effective means of attacking organisations of all sizes. It is an attack vector that is growing rapidly. Your staff need to be able to identify and defend against attempted attacks.

These cyber crime case studies highlight real-world tactics, helping to equip your staff to play their part in defending your company against social engineering and other forms of cyber attack.

Can I borrow your swipecard?

[…so we can add 2,000 new admin accounts to your system] This case involves an accountancy firm based in South East England. The firm had just lost a big client and as a result had to make some cuts, which included letting a few members of staff go. Jamie had […]

Stay calm and (don’t) pay the hackers

This social engineering case study highlights how attackers can use curiosity, urgency and fear to manipulate victims into breaking company protocols and get a finance employee to willingly transfer £152,000 into the attackers' bank account. Miranda worked in Finance for Troy Ltd. One morning she received an email with […]

The enthusiastic law student

This case involves a law firm based in the south of England. The firm was of a reasonable size and, like most law firms, held a lot of very sensitive customer data. One morning one of the solicitors received a Facebook message purporting to be from a young law student. The […]

As you might expect, many cases leverage social engineering to commit some kind of banking fraud, and banks are increasingly unwilling to refund monies where social engineering of staff has led to the financial loss. Training can both help to manage the risk of cyber crime and potentially reduce fines under GDPR, as companies who cannot show measurable compliance risk heavy fines. The ICO explicitly states that organisations should train their staff to be aware of phishing, vishing and impersonation attacks as part of their data protection training.