End of feature.
Terranova’s desktop simulations never flagged it. The corporate web proxy never saw it. The flank is complete. Terranova famously advocates for positive reinforcement—never shaming users who fail simulations. Psychologically, this is sound. But sophisticated attackers have weaponized this culture of psychological safety. outflank terranova security
An email arrives that looks like a multi-factor authentication prompt or a shared document notification. It contains a benign-looking QR code. The user is trained to check URLs—but a QR code hides the destination. They scan it with their personal phone, which lacks the corporate email security filter. The phone opens a perfect replica of the Microsoft 365 login page. The user enters their credentials. The attacker now has them. End of feature
Here is how the new generation of social engineering is bypassing one of the world’s premier security awareness platforms. Terranova’s simulations excel at teaching users to scrutinize sender addresses, check for misspellings, and hover over links. Attackers have responded with compromised internal accounts . The flank is complete