Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

posts

Phishing

Phish: Why Employees Still Take the Bait in 2022

A Single Phish Cost Twilio 163 Customer Accounts. In August 2022, Twilio, a company whose services power authentication for thousands of apps, confirmed that attackers used SMS-based phishing to steal employee credentials. That single phish gave the threat actors access to data from 163 customer accounts (a count Twilio later revised upward), which cascaded into a breach

Carl B. Johnson Dec 25, 2022 6 min read
Fake Email

Fake Email: How to Spot It Before It Costs You

In March 2022, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — attacks built on a single convincing fake email — caused $2.4 billion in adjusted losses in 2021 alone. That made it the most financially devastating cybercrime category in the entire FBI IC3 annual report.

Carl B. Johnson Dec 25, 2022 6 min read
Phishing

Phishing in 2022: What Actually Works to Stop It

Twilio disclosed in August that a phishing campaign tricked its employees into handing over credentials via SMS; the wider campaign behind it, later documented by Group-IB as "0ktapus", hit over 130 organizations and, through Twilio, exposed data on Signal users. A few weeks later, Uber suffered a breach when an attacker socially engineered a contractor by bombarding them with multi-factor authentication push requests until one was approved

Carl B. Johnson Dec 18, 2022 6 min read
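The Uber incident above is the textbook "push fatigue" (prompt bombing) pattern: many denied or ignored pushes, then one approval. That sequence is visible in identity-provider logs, so it can be alerted on. The following detector is an added example, not code from the original post; the log format ("timestamp user result"), the result names, the 10-minute window and the threshold of three failures are all assumptions, and the log lines are constructed for illustration.

```python
"""Detect MFA push-fatigue (prompt bombing) in authentication logs.

Added example; the log format, result names and thresholds are
assumptions. Real IdPs (Okta, Duo, Azure AD) export equivalent fields.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, assumed format: "<ISO timestamp> <user> <result>".
# alice is bombed with five failed pushes and then approves one;
# bob's single denial is far from his approvals and is benign.
SAMPLE_LOG = """\
2022-09-15T22:01:03Z alice push_denied
2022-09-15T22:01:41Z alice push_denied
2022-09-15T22:02:20Z alice push_timeout
2022-09-15T22:03:05Z alice push_denied
2022-09-15T22:03:50Z alice push_denied
2022-09-15T22:05:12Z alice push_approved
2022-09-15T09:10:00Z bob push_approved
2022-09-15T09:40:00Z bob push_denied
2022-09-15T10:30:00Z bob push_approved
"""

WINDOW = timedelta(minutes=10)          # assumed look-back window
MAX_FAILED_BEFORE_APPROVAL = 3          # assumed alert threshold
FAILED_RESULTS = {"push_denied", "push_timeout"}


def parse_log(text):
    """Parse lines into (timestamp, user, result) tuples; skips blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return events


def find_push_fatigue(events, window=WINDOW, threshold=MAX_FAILED_BEFORE_APPROVAL):
    """Return (user, approval_time, failed_count) for every approval that was
    preceded by at least `threshold` denied/timed-out pushes inside `window`."""
    by_user = defaultdict(list)
    for ts, user, result in sorted(events):
        by_user[user].append((ts, result))

    alerts = []
    for user, evs in by_user.items():
        for i, (ts, result) in enumerate(evs):
            if result != "push_approved":
                continue
            failed = sum(
                1 for t, r in evs[:i]
                if r in FAILED_RESULTS and ts - t <= window
            )
            if failed >= threshold:
                alerts.append((user, ts, failed))
    return alerts


if __name__ == "__main__":
    for user, when, count in find_push_fatigue(parse_log(SAMPLE_LOG)):
        print(f"ALERT push fatigue: {user} approved at {when} after {count} failed pushes")
```

Detection is the fallback, not the fix: number matching or phishing-resistant authenticators (FIDO2/WebAuthn) remove the "just tap approve" path that this pattern abuses.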
Smishing

FBI Warning on Smishing Texts: How to Protect Yourself

In early 2022, the FBI issued a stark warning: cybercriminals were registering over 10,000 malicious domains specifically designed to support SMS phishing — or "smishing" — campaigns targeting American consumers. These weren't sloppy, typo-filled messages from a decade ago. They were polished, urgent, and devastatingly effective. The

Carl B. Johnson Dec 18, 2022 6 min read
Phishing Simulation

Phish Setlist for Security: Building Your Attack Plan

Why Every Security Team Needs a Phish Setlist In March 2022, Okta confirmed that the Lapsus$ threat actor group breached a third-party support engineer's account — and a big part of that attack chain started with social engineering. A single compromised credential. One phishing message that worked. That'

Carl B. Johnson Nov 21, 2022 7 min read
Phish Tour

Phish Tour: Simulated Attacks That Train Your Team

One Approved Push Cost This Company Everything. In September 2022, a single contractor at Uber, worn down by repeated MFA push requests, approved one of them during a social engineering attack. The threat actor, reportedly affiliated with Lapsus$, used that foothold to access internal systems, Slack channels, and cloud infrastructure. The breach made global headlines, not because Uber

Carl B. Johnson Nov 21, 2022 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2022

Twilio, a company with a sophisticated security team and a tech-savvy workforce, got phished in August 2022. Attackers sent SMS messages to employees pretending to be the IT department, directing them to a fake login page. The result: compromised credentials, unauthorized access to customer data, and a breach that rippled

Carl B. Johnson Nov 21, 2022 6 min read
Phishing Definition

Definition of a Phishing Attack: What It Really Looks Like

In March 2022, the hacking group Lapsus$ breached Okta by compromising a single third-party support engineer's account. That one successful social engineering attack gave threat actors a window into the support tooling Okta uses for its customers; Okta said up to 366 of them were potentially affected. If you're searching for the definition of a phishing attack, that incident is

Carl B. Johnson Oct 24, 2022 7 min read
Spoofing

Spoofing Attacks: How Hackers Impersonate Your Trust

In May 2022, the FBI warned that business email compromise schemes, many of which rely heavily on spoofing, had caused over $43 billion in exposed losses (actual and attempted) worldwide between June 2016 and December 2021. That's not a typo. Forty-three billion. And the most unsettling part? The attacks didn't require elite hacking skills.

Carl B. Johnson Oct 24, 2022 7 min read
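The spoofing behind most BEC is visible in the message headers: a failed SPF/DKIM/DMARC verdict, a lookalike sender domain, an executive's display name on an outside address, or a Reply-To that quietly redirects the conversation. The checker below is an added example, not code from the original post; it uses only Python's standard `email` package, and the sample messages, trusted-domain list, VIP list and lookalike heuristic are constructed assumptions for illustration.

```python
"""Flag common email-spoofing signals in a raw RFC 5322 message.

Added example; TRUSTED_DOMAINS, EXEC_NAMES, the lookalike heuristic and
both sample messages are assumptions constructed for illustration.
"""
import email
import re
from email.utils import parseaddr

# Constructed spoof: CEO display name, a lookalike domain (0 for o),
# an external Reply-To, and SPF/DMARC failures recorded by the gateway.
SPOOF_EML = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=acme-c0rp.com; dkim=none; dmarc=fail header.from=acme-c0rp.com
From: "Jane Doe (CEO)" <jane.doe@acme-c0rp.com>
Reply-To: ceo.urgent@mail-relay.example.net
To: finance@acme-corp.com
Subject: Urgent wire transfer before 5pm
Date: Thu, 10 Mar 2022 14:02:11 +0000

Please process the attached invoice today. I'm in meetings, text only.
"""

# Constructed legitimate message from the real domain with passing checks.
LEGIT_EML = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=acme-corp.com; dkim=pass header.d=acme-corp.com; dmarc=pass header.from=acme-corp.com
From: "Jane Doe (CEO)" <jane.doe@acme-corp.com>
To: finance@acme-corp.com
Subject: Q1 numbers
Date: Thu, 10 Mar 2022 15:00:00 +0000

Attached as discussed.
"""

TRUSTED_DOMAINS = {"acme-corp.com"}   # assumed: your own sending domains
EXEC_NAMES = {"jane doe"}             # assumed: VIP names worth protecting


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for mech, res in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr):
            verdicts[mech] = res.lower()
    return verdicts


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain, trusted):
    """Assumed heuristic: same length as a trusted domain, differs in <= 2 chars."""
    for t in trusted:
        if domain != t and len(domain) == len(t):
            if sum(a != b for a, b in zip(domain, t)) <= 2:
                return True
    return False


def spoofing_signals(raw):
    """Return the list of spoofing signals found in a raw message (empty if none)."""
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    signals = []

    verdicts = auth_results(msg)
    if verdicts.get("dmarc") == "fail":
        signals.append("dmarc_fail")
    if verdicts.get("spf") == "fail":
        signals.append("spf_fail")

    if from_dom not in TRUSTED_DOMAINS and is_lookalike(from_dom, TRUSTED_DOMAINS):
        signals.append("lookalike_domain")

    # Display-name impersonation: a protected name on a non-trusted address.
    plain_name = re.sub(r"\(.*?\)", "", name).strip().lower()
    if plain_name in EXEC_NAMES and from_dom not in TRUSTED_DOMAINS:
        signals.append("display_name_impersonation")

    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_dom:
        signals.append("reply_to_mismatch")
    return signals


if __name__ == "__main__":
    print("spoof:", spoofing_signals(SPOOF_EML))
    print("legit:", spoofing_signals(LEGIT_EML))
```

The verdicts only mean something if your gateway writes the Authentication-Results header and strips any copy that arrived from outside; otherwise an attacker can simply include a "dmarc=pass" header of their own.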