In September 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider used a spear phishing voice call — a single, well-researched phone call to the company's IT help desk — to compromise the entire organization. The attacker already knew the target employee's name,
The CEO Email That Wasn't From the CEO In early 2025, a mid-sized logistics company wired $3.1 million to a bank account in Hong Kong. The CFO had received an email — apparently from the CEO — requesting an urgent wire transfer for a confidential acquisition. The email address
In May 2025, the FBI issued a stark warning: sophisticated AI-driven phishing attacks are now targeting Gmail's 2.5 billion users with emails so convincing that even seasoned IT professionals are getting fooled. The FBI warns Gmail users of sophisticated AI-driven phishing attacks that leverage generative AI to
The FBI Didn't Issue Gmail Warnings for Fun In late 2024, the FBI's Internet Crime Complaint Center (IC3) flagged a sharp escalation in sophisticated phishing attacks targeting Gmail users — attacks so convincing that even security-savvy professionals were getting fooled. By mid-2025, the bureau doubled down, warning
One Phishing Email Cost MGM Resorts $100 Million In September 2023, a single social engineering phone call — preceded by a carefully crafted phishing email reconnaissance campaign — led to the breach that shut down MGM Resorts' operations across Las Vegas. Slot machines went dark. Hotel room keys stopped working. The
In January 2025, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. The attack started the same way almost all of them do — with a phishing email. If you'
In May 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of fake mail — accounted for over $2.9 billion in adjusted losses in 2023 alone. That number has only grown. I've personally worked cases where a single convincing email
The Phone Call That Cost One Company $23 Million In early 2024, a finance worker at engineering firm Arup was tricked into wiring $25 million to threat actors after a deepfake video call that impersonated senior leadership. That incident made headlines worldwide. But for every deepfake video heist, there are
In January 2024, a finance employee at British engineering firm Arup transferred $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues — all of them deepfake recreations. The attack started the way most do: with a phishing
Your Old AIM Email Is a Bigger Threat Than You Think In December 2017, AOL officially shut down AIM — AOL Instant Messenger — after two decades as one of the internet's most iconic platforms. But here's what most people missed: the email addresses tied to those accounts
