“Accounts Payable, Maeve speaking.”

A man came in mid-breath, all thump and hurry. “Grand, you picked up. Maeve, it’s Daniel from WestConn Lifts (name changed). We’ve been back and forth with Pat in Facilities since lunch. The statutory lift inspection is tomorrow and your remittance still points to the old IBAN. If this isn’t fixed before 5 p.m., the inspector won’t sign off and you’ll be in bother with the health & safety audit next week. Are we sorted or what?”

A blur of Irish office life in one breath: names, audits, a ticking clock. Maeve’s eye dropped to the screen: an invoice from WestConn Lifts was indeed open. Same PO, same amount as usual.

“Right,” she said, polite but guarded.

“Sound. Just confirm the last two digits you’ve got and I’ll give you the new IE IBAN. Thirty seconds and you can go home.” The voice softened into that familiar Irish chivvy: half-friendly, half-push.

Maeve felt the pinch behind the eyes. Training spoke up in the back of her head: Don’t act on inbound calls. Callback via a number you already trust. No bank changes without a ticket and dual approval.

“Fire me your number there and I’ll ring you back after I log a change,” she said.

A beat. Then: “We’re flat out, love. I’ll stay on while you update it. This is time-critical. You do have authority on supplier bank details, yeah? If not, get your manager, please.”

There it was—the turn of the screw. Maeve took a breath, reached for the page-worn “Supplier Updates” SOP taped to her monitor, and found her voice.

“No. We only use the vendor record number on file. If you’re genuine, you know the drill. I’ll call WestConn on the number in our system, ask for you, and we’ll pick it up from there.”

The line went thin. Then the mask slipped: “You’re the reason inspections slip.”

Maeve ended the call.

She opened the vendor master, dialled the published office number for WestConn, and asked for Daniel. No Daniel in Service. No Daniel in Accounts.

She logged the attempt, attached the softphone recording, and sent it to Security Awareness: “Phone pressure to change IBAN—probable vishing / invoice-redirection attempt.” Then she finished the run, made her bus, and went home to the rain.

| Stage | MITRE Technique | What Happened in the Story | Mitigation |
| --- | --- | --- | --- |
| Initial Contact | | Attacker called Maeve pretending to be from a trusted vendor. | |
| Pretext & Pressure | | Urgency and authority pretext ('statutory inspection tomorrow, need IBAN fixed now'). | |
| Attempted Payment Diversion | | Attacker tried to insert a new IBAN for supplier payment. | |
| Escalation | | Push to bypass process ('I’ll stay on while you update it, get your manager if not'). | |
| Detection & Reporting | | Maeve logged the incident, attached call recording, and escalated. | |

🔗 Full framework: MITRE ATT&CK Enterprise Matrix

🔥 Tooling Roundup

Some interesting tools to experiment and play with:
  • dark-web-osint-tools

    • What it does: A curated collection of tools for investigating the dark web, including search engines, scrapers, and analysis utilities.

    • Why it’s useful: Instead of hunting for resources one by one, this repo brings together the best dark web OSINT tools in a single place. Perfect for researchers who want to explore onion sites, monitor marketplaces, or integrate dark web intel into investigations.

  • Recon-ng

    • What it does: Full-featured reconnaissance framework with dark web modules.

    • Why it’s useful: Automates data collection from various OSINT sources, including dark web, and outputs structured results for further analysis.

Did You Know? In 1980, the German Navy actually sold off several surplus Enigma machines at a government auction in Munich — for just a few hundred Deutschmarks each. At the time, they were seen mostly as curiosities or outdated junk. Collectors and hobbyists picked them up without realizing they were handling devices that had once been at the heart of one of WWII’s greatest intelligence battles.

Fast forward a few decades, and those very same models are worth hundreds of thousands of dollars at auction, prized as rare artifacts of cryptographic and computing history. One sold at Christie’s in 2017 for over $500,000.

Till next time,

John

Disclaimer: All of the above tools should only be used in controlled, ethical environments — such as red team engagements, security testing, or awareness training. Using these tools without permission is illegal and unethical. Just so you know.
