In March 2022, threat actors used a simple phishing text message to breach Okta through a third-party contractor, Sitel. That single compromised credential gave attackers access to internal systems supporting thousands of Okta's customers. The attack didn't require sophisticated malware or a zero-day exploit. It required
In March 2022, the threat actor group Lapsus$ breached Okta by spear phishing a single support engineer at a third-party contractor. That one compromised account gave the attackers a foothold that ultimately affected roughly 366 Okta customers. Not a mass email blast. Not a Nigerian prince scam. One carefully researched,
A Single Spoof Email Cost This Company $121 Million In 2019, Toyota Boshoku Corporation disclosed that a subsidiary lost $37 million after an attacker used a spoofed email to impersonate a senior executive and authorize a fraudulent wire transfer. That wasn't an isolated case. Business email compromise (BEC)
The FBI Warns Gmail Users of Sophisticated AI-Driven Phishing Attacks — And Most People Aren't Ready Earlier this year, the FBI's Internet Crime Complaint Center (IC3) reported that phishing schemes — including business email compromise — accounted for over $2.7 billion in adjusted losses in 2021 alone. Now,
The FBI Is Warning Gmail Users — And Most People Aren't Listening In March 2022, the FBI's Internet Crime Complaint Center (IC3) released its annual report showing that phishing — including attacks targeting Gmail users specifically — generated more victim complaints than any other cybercrime category. Over 300,000
In March 2022, threat actors used a single phishing email to breach Okta through a third-party contractor's account. The fallout? Hundreds of downstream customers suddenly questioning whether their own environments were compromised. One email. One click. A cascading trust crisis that made headlines for weeks. That's
The Typo That Costs Billions: Why "Phising" Leads You to the Right Problem Here's something I find fascinating: "phising" is one of the most common misspellings in cybersecurity search queries. Thousands of people type it every day looking for information about phishing — the attack
The FBI Warning on Vishing and Smishing You Can't Afford to Ignore In January 2022, the FBI released an advisory warning that criminals were increasingly using voice phishing (vishing) and SMS phishing (smishing) to steal credentials, drain bank accounts, and breach corporate networks. This wasn't a
In March 2022, the FBI's Internet Crime Complaint Center reported that phishing was the number one cybercrime type in 2021 — with over 323,000 complaints filed by victims in a single year. That number dwarfed every other category. If you've ever asked what is a phishing
Your Old AIM Email Account Is a Bigger Problem Than You Think In December 2017, AOL officially shut down AIM — AOL Instant Messenger. But here's what most people missed: the AIM email addresses and associated credentials didn't just vanish. They ended up in breach databases, credential
