
Security awareness is not a control: Rethinking human risk in enterprise security
For more than ten years, organizations have responded to phishing, business email compromise, and credential theft in essentially the same way. They follow a familiar playbook: invest in awareness training, run phishing simulations, and require employees to complete annual security modules. The reasoning behind these efforts is straightforward: if people can better spot malicious emails and recognize malicious activity, incidents will decrease. Yet losses from business email compromise keep rising. Credential harvesting is still successful. Conventional multi-factor authentication is frequently circumv...