That Email From Your CEO? It Was a FakeEmail. In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million after attending a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a
In January 2023, PayPal disclosed that threat actors had compromised nearly 35,000 user accounts through credential stuffing — not by breaking PayPal's systems, but by exploiting reused passwords harvested from other breaches. That incident made headlines, but it's the quieter, daily grind of PayPal phishing attacks
In February 2024, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about threat actors linked to Volt Typhoon — a Chinese state-sponsored group that had been living inside U.S. critical infrastructure networks for years. One of their signature moves? They removed legitimate security tools and logging mechanisms from
3.4 Billion Spam Emails Hit Inboxes Every Single Day That number comes straight from cybersecurity researchers tracking global email traffic, and it should stop you cold. Spam email isn't the mild nuisance it was in 2005 — today it's the primary delivery vehicle for ransomware, credential
In March 2024, the FBI's Internet Crime Complaint Center reported that Americans lost over $10 billion to cybercrime in 2023 — and a staggering portion of those losses started with a single phone call from a number the victim trusted. A spoofing caller doesn't need to hack
In March 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after joining a video call that turned out to be entirely deepfake — triggered by a single phishing link in an email. That link didn't contain a virus. It didn&
In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attackers had spoofed not just an email address or
In May 2024, a Google security consultant named Sam Mitrovic nearly fell for a phishing call that used a convincing AI-generated voice impersonating Google support. The caller had a legitimate-looking Google phone number, referenced real account activity, and spoke with the polished fluency of a native English speaker. The only
In January 2024, a finance worker at a multinational firm in Hong Kong transferred $25.6 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The entire operation was coordinated by
Earlier this year, security researchers documented a surge in phishing campaigns that abuse legitimate DocuSign and PayPal infrastructure to deliver convincing attack emails. The twist? These messages aren't spoofed — they're actually sent through real PayPal and DocuSign servers. That's why PayPal DocuSign phishing attacks
