Attackers using social engineering to exploit business processes, rather than tunnelling in via tech

Exclusive When fraudsters go after people's paychecks, "every employee on earth becomes a target," according to Binary Defense security sleuth John Dwyer.

In December 2025, managed detection and response outfit Binary Defense's threat research group ARC Labs investigated a security incident in which a thief redirected a physician's salary into their own account using a very simple attack that started with a help-desk call.

"This was a combination of exploiting people and processes rather than technology," Dwyer, the deputy CTO and head of Arc Labs, told The Register in an exclusive interview. "It's technology-adjacent. This was identity theft from pure-play social engineering into exploiting a weaker-than-advised process internally to gain access."

The attacker used compromised credentials belonging to a shared mailbox at a healthcare facility. Binary Defenses’ incident responders can't say for certain how the attacker obtained the credentials. Dwyer said his team found no ...