Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

posts

Phishing Attack Examples

Phishing Attack Examples: 7 Real Breaches That Cost Millions

In March 2025, the FBI's Internet Crime Complaint Center reported that phishing remained the number one reported cybercrime for the fifth consecutive year. That stat alone should tell you everything about where threat actors are focusing their energy. But raw numbers don't teach your employees what

Carl B. Johnson Sep 22, 2025 7 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

The Attack That Cost MGM Resorts $100 Million Started With a Phone Call

In September 2023, a threat actor called the MGM Resorts IT help desk, impersonated an employee they found on LinkedIn, and talked their way into a password reset. Within hours, the attackers had deployed ransomware across MGM

Carl B. Johnson Sep 22, 2025 7 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets People

A $37 Million Wire Transfer Started with One Email

In 2024, a finance employee at a multinational firm joined what appeared to be a legitimate video call with the company's CFO. It was a deepfake. The attackers had spent weeks gathering intelligence — org charts, communication styles, ongoing projects

Carl B. Johnson Sep 22, 2025 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A 2025 Survival Guide

In May 2025, the FBI's Internet Crime Complaint Center reported that phishing and its variants remained the number-one reported cybercrime for the fifth consecutive year, with losses tied to business email compromise alone exceeding $2.9 billion annually in recent reports. I've spent over two decades

Carl B. Johnson Sep 22, 2025 7 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

In March 2025, a mid-size healthcare provider in the Midwest lost 1.4 million patient records because one employee in accounts payable clicked a link in a fake DocuSign email. The organization had antivirus software, a firewall, and an email gateway. What they didn't have was a phishing

Carl B. Johnson Sep 22, 2025 7 min read
Business Email Compromise

Business Email Compromise: The $2.9B Threat in 2025

In December 2024, a finance employee at a multinational firm in Hong Kong wired $25 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The real CFO had never scheduled the meeting. This

Carl B. Johnson Sep 22, 2025 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider socially engineered its way past the help desk with a single phone call. But the reconnaissance that made that call possible? It started with spear phishing — targeted research, crafted messaging, and a specific human

Carl B. Johnson Sep 22, 2025 7 min read
Whaling Attacks

Whaling Attack Cybersecurity: How Execs Get Targeted

A Single Email Cost This Company $47 Million

In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after attackers impersonated the CEO via email and convinced a finance employee to transfer funds for a fake acquisition. The CEO and CFO were both fired. The company's

Carl B. Johnson Sep 21, 2025 8 min read