The Email That Cost MGM Resorts $100 Million In September 2023, a single social engineering attack — starting with a phone call but rooted in the same deception principles as phishing emails — led to a breach at MGM Resorts that cost the company over $100 million. The threat actors behind the
Your Employees Are Phish Food — And Threat Actors Know It In March 2025, the FBI's Internet Crime Complaint Center (IC3) released its 2024 annual report showing over $16 billion in reported cybercrime losses — the highest figure ever recorded. Phishing and its variants topped the list of complaint types
In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started the same way nearly all of
In May 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a category built almost entirely on fake emails — accounted for over $2.9 billion in adjusted losses in a single year. That figure dwarfed ransomware losses by a factor of nearly 50. And those
In March 2025, a mid-size accounting firm in Ohio wired $1.2 million to a threat actor who sent a single spoofed email — a fakeemail that perfectly mimicked the CEO's display name, writing style, and even included a forwarded thread from a real conversation. The email passed every
The Fake Invoice That Drained $1.4 Million In early 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes PayPal phishing attacks — generated over $2.9 billion in adjusted losses in 2023 alone. That number hasn't slowed down. One
The Trojan Horse You Already Installed In March 2024, a lone developer named Andres Freund noticed something odd: SSH connections were taking 500 milliseconds too long. That curiosity uncovered the XZ Utils backdoor — a sophisticated supply chain attack where a threat actor had spent two years building trust as a
160 Billion Spam Emails a Day — and Your Inbox Isn't Immune In 2024, the Verizon Data Breach Investigations Report confirmed what security professionals have been saying for years: email remains the primary initial access vector for data breaches. Over 90% of cyberattacks start with some form of malicious
In March 2025, the FBI's Internet Crime Complaint Center reported that Americans lost over $12.5 billion to cybercrime in 2023 alone — and phone-based fraud, driven largely by spoofing caller techniques, remains one of the fastest-growing categories. I've watched organizations with solid email security get gutted
In March 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after joining a video call that appeared to feature the company's CFO. The deepfake was convincing, but the attack started with something far simpler — a phishing link embedded
