John Ruddy

The Accounts Payable Case Study You Can’t Afford to Miss — Lessons from Galway

Maeve (not her real name) was lining up the last batch of payments before close of business—rates for the unit in Ballybrit, a contractor drawdown, a tiny €87 credit note she’d been babysitting since June—when her mobile lit up: Private Number.

Decode Invoice Redirection Heists in Ireland using the MITRE ATT&CK Framework

Invoice redirection fraud isn't just a financial crime. It's a social engineering masterpiece designed to bypass firewalls, antivirus software, and even the sharpest IT teams by targeting something far more vulnerable: human trust. These scams don’t ask you to click a malicious link. They ask you to believe a lie—and act on it.

McMoggies a "Vibe Coded" OSINT Experiment

This week I’ve been tinkering with a slightly odd little side project — part tongue-in-cheek, part technical experiment. The idea was simple: a single-page site where users rate randomly generated images of cats. Once you rate one, a new cat appears. It’s light-hearted on the surface, but underneath there’s a bit more going on.

You Won’t Believe What Ireland’s Anti-Scam System Is Accidentally Teaching Users

What happens when your hospital, bank, or insurer sends you a text message—and it’s labelled “likely scam”?

Old Web Pages, New Clues: How to Investigate What’s No Longer There

In the world of Open Source Intelligence (OSINT), time is a crucial yet often underestimated dimension. We will explore 3 ways of using time as a tool to conduct investigations and garner new information about our mark.

The Menu Bites Back

Everyday work emails, like canteen updates or staff notices, can be used to trick people without raising suspicion. This article looks at how a simple lunch menu email was used to fool staff and deliver a hidden threat. It shows why companies need to pay more attention to the risks in ordinary, routine messages.

The Great Christmas Voucher Scam (That Never Was)

Just before Christmas, a suspicious email began circulating—claiming you were about to send a dodgy message about staff vouchers. It looked official, felt urgent, and caught more than a few people off guard... especially those checking on their phones.