Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

posts

Smishing Attack Examples

Smishing Attack Examples: 7 Real Texts That Steal Data

In March 2025, the FBI's IC3 warned that Americans lost over $470 million to phishing and smishing schemes in the prior reporting year — and text-based attacks were growing faster than any other vector. I've personally triaged incidents where a single SMS message led to a six-figure

Carl B. Johnson Sep 21, 2025 8 min read

Vishing Scam Awareness

Vishing Scam Awareness: Stop Voice Phishing Attacks

In March 2025, the FBI's Internet Crime Complaint Center reported that Americans lost over $12.5 billion to cybercrime in 2023 alone — and voice-based social engineering was one of the fastest-growing attack vectors. I've personally investigated cases where a single phone call cost an organization six

Carl B. Johnson Sep 21, 2025 6 min read

Social Engineering Attacks

Social Engineering Attacks: What Actually Works in 2025

In February 2025, a finance employee at a Hong Kong multinational wired $25 million to threat actors after a deepfake video call impersonating the company's CFO. That single incident captures the state of social engineering attacks right now: they're sophisticated, they exploit trust instead of technology,

Carl B. Johnson Sep 21, 2025 7 min read

Social Engineering Examples

Social Engineering Examples: 7 Real Attacks in 2025

In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced a technician to reset credentials. The result: an estimated $100 million in losses, a ransomware lockout across casino floors and hotel systems, and weeks of

Carl B. Johnson Sep 21, 2025 7 min read

Social Engineering

How to Spot Social Engineering Before It Costs You

In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was a deepfake. The attackers never exploited a software vulnerability. They

Carl B. Johnson Sep 21, 2025 7 min read

Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In May 2024, a single employee at a major healthcare provider clicked a phishing link disguised as a routine benefits update. Within 72 hours, the organization lost access to 14 million patient records and ended up paying a multimillion-dollar ransom. The employee had technically "passed" their annual compliance

Carl B. Johnson Aug 17, 2025 8 min read

Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2025

In January 2025, a finance employee at a multinational firm joined a video call with what appeared to be their CFO and several colleagues. Every face on the screen was a deepfake. The employee transferred $25 million before anyone realized what happened. That incident — reported by CNN and confirmed by

Carl B. Johnson Aug 17, 2025 7 min read