Incident narratives

Learn from failure points, not headlines

Each scenario shows one missed checkpoint and one control that would have prevented loss.

Family voice-clone payment request

What happened: Caller impersonated a close relative and demanded urgent transfer support.

Missed checkpoint: No independent callback before payment action.

Preventive control: Mandatory callback + private verification phrase.

Expected detection speed: <2 minutes if callback policy exists

Payroll reroute from mailbox compromise

What happened: Attacker changed payroll destination through hijacked email trust.

Missed checkpoint: No dual approval for bank detail changes.

Preventive control: Two-person approval + verbal verification.

Expected detection speed: Same-day with payment change alerting

Account takeover from overshared profile data

What happened: Public profile metadata supported recovery-question abuse and pivot attacks.

Missed checkpoint: No recovery hardening and excessive identity exposure.

Preventive control: Recovery factor hardening + metadata cleanup cycle.

Expected detection speed: Within 24h via login alert reviews

Tampered QR payment redirection

What happened: Physical QR replacement redirected users to a phishing payment page.

Missed checkpoint: No destination validation before credentials/payment entry.

Preventive control: Manual domain verification for sensitive payments.

Expected detection speed: Immediate if URL verification is routine
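
What the destination check in the QR scenario has to compare, as an added example that is not part of the original page: the parsed hostname must match the expected payment host exactly, because substring or "starts with" checks pass lookalike URLs. The host pay.example.com, the function name check_payment_url and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the payee's real payment host, learned from a trusted source
# (a bill, the official app), never from the QR code itself.
EXPECTED_HOSTS = {"pay.example.com"}

def check_payment_url(url, expected_hosts=EXPECTED_HOSTS):
    """Return (ok, reason) for a URL decoded from a QR code."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() != "https":
        return False, "not https"
    # "https://pay.example.com@other.host/" really goes to other.host
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before the host"
    if port not in (None, 443):
        return False, "unexpected port"
    # Non-ASCII or punycode labels can render like the real name
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host"
    # Exact match only: the real name as a prefix or subdomain proves nothing
    if host not in expected_hosts:
        return False, f"host '{host}' is not the expected payment host"
    return True, "host matches expected payment host"

if __name__ == "__main__":
    # Constructed sample URLs, as they might be decoded from a QR sticker
    samples = [
        "https://pay.example.com/invoice/123",
        "https://pay.example.com.checkout.example/invoice/123",
        "https://pay.example.com@checkout.example/invoice/123",
        "http://pay.example.com/invoice/123",
        "https://pay.example.com:8443/invoice/123",
    ]
    for s in samples:
        print(check_payment_url(s), s)
```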
