Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

Phishing Attack

Phishing Attack Anatomy: How Breaches Actually Start

In January 2024, a single phishing attack against Framework Computer exposed customer names, emails, and outstanding balances — all because one employee at an external accounting partner clicked a link in a convincing impersonation email. The attacker didn't hack a firewall. They didn't exploit a zero-day vulnerability.

Carl B. Johnson Jul 23, 2024 8 min read
Phishing News

Phishing News 2024: Attacks That Should Scare You

The Phishing Headlines Keep Getting Worse

In January 2024, a finance worker at engineering firm Arup wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. That single incident captures everything terrifying about the current phishing news cycle: attacks are smarter, faster,

Carl B. Johnson Jul 23, 2024 6 min read
Phishing Scams

Phishing Scams: What Actually Works to Stop Them

In January 2024, a finance worker at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started with what every phishing scam starts

Carl B. Johnson Jul 23, 2024 8 min read
Is It Legit

Removed App: Is It Legit or a Security Risk?

Every week, someone on my team flags a new app or service that employees are asking about. "Hey, is this legit?" It's the single most common security question I hear — and for good reason. The FTC reported over $10 billion in consumer fraud losses in 2023,

Carl B. Johnson Jul 23, 2024 6 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider social-engineered a help desk employee with a single phone call. The attackers had done their homework — they knew the employee's name, role, and enough personal detail to sound legitimate. That's not

Carl B. Johnson Jul 23, 2024 8 min read
Phishing

Define Phishing: What It Really Looks Like in 2024

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25.6 million to criminals after attending a deepfake video call where every other "participant" — including the CFO — was an AI-generated impersonation. That single incident redefines what phishing looks like today. If you still

Carl B. Johnson Jul 16, 2024 7 min read
Fake Identity Website

Fake Identity Website Threats: How to Spot and Stop Them

The Fake Identity Website That Fooled an Entire HR Department

Earlier this year, an HR team at a mid-size logistics company received a job application that checked every box. The resume was polished, the LinkedIn profile looked legitimate, and the applicant's personal website — showcasing a portfolio and professional

Carl B. Johnson Jul 16, 2024 7 min read
Fake Mailer

Fake Mailer Attacks: How Threat Actors Spoof Emails

In January 2024, a finance director at a mid-sized logistics company wired $740,000 to a bank account in Hong Kong. The email requesting the transfer appeared to come from the CEO's exact email address — correct display name, correct domain, correct signature block. It wasn't the

Carl B. Johnson Jul 13, 2024 7 min read
FBI Gmail

FBI Gmail Warning: What You Need to Know in 2024

The FBI Gmail Alerts That Should Have Your Attention

In early 2024, the FBI issued multiple warnings about sophisticated attacks targeting Gmail users — and the threat landscape has only intensified since. These aren't the clumsy Nigerian prince scams of a decade ago. Threat actors are now using AI-generated

Carl B. Johnson Jul 13, 2024 6 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

In January 2024, a single employee at a mid-sized accounting firm double-clicked a file named Invoice_Final_v2.exe. Within 40 minutes, the LockBit ransomware variant had encrypted 14,000 files across three networked drives. The ransom demand was $2.2 million. The firm's antivirus was installed. It

Carl B. Johnson Jul 13, 2024 6 min read