Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

posts

Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Attacks

The Phishing Email That Cost Ubiquiti $46.7 Million

In 2015, networking giant Ubiquiti Networks disclosed that attackers used carefully crafted phishing emails to trick finance department employees into wiring $46.7 million to overseas accounts controlled by threat actors. The emails impersonated executives. They looked legitimate. And trained professionals

Carl B. Johnson May 25, 2022 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A Practical Guide

In March 2022, the threat actor group Lapsus$ breached Okta by compromising a single employee's credentials through a social engineering attack. One phished account. That's all it took to put thousands of downstream customers at risk. If you're wondering how to avoid phishing attacks,

Carl B. Johnson May 25, 2022 8 min read
Business Email Compromise

Business Email Compromise: The $2.4 Billion Threat

In 2021, the FBI's Internet Crime Complaint Center received 19,954 business email compromise complaints with adjusted losses of nearly $2.4 billion. That made BEC the single most financially damaging cybercrime category — beating ransomware by a factor of almost 49 to 1. And those are just the

Carl B. Johnson May 01, 2022 6 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — a direct descendant of spear phishing — cost organizations over $2.4 billion in 2021 alone. That number dwarfs ransomware losses. Yet most people I talk to still think phishing means a badly written email

Carl B. Johnson Apr 22, 2022 6 min read
Whaling Attack

Whaling Attack Cybersecurity: How CEOs Get Hooked

In 2016, an employee at Austrian aerospace firm FACC wired $47 million to a bank account controlled by criminals — because an email that looked like it came from the CEO told them to. The CEO was fired. The CFO was fired. The company's stock tanked. That single email

Carl B. Johnson Apr 22, 2022 7 min read
Smishing Attacks

Smishing Attack Examples: Real Texts That Stole Millions

In February 2022, the FBI warned that Americans lost over $68 million to smishing and vishing scams in a single year — and that number only counted what victims actually reported to the FBI's IC3. The real figure is almost certainly multiples higher. I've spent the last

Carl B. Johnson Apr 22, 2022 8 min read
Vishing Scam Awareness

Vishing Scam Awareness: Stop Voice Phishing Cold

In July 2020, a teenager and two accomplices called Twitter employees, posed as IT staff, and convinced them to hand over internal credentials. Within hours, they'd hijacked 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and ran a Bitcoin scam that netted over $100,000 in

Carl B. Johnson Apr 21, 2022 7 min read
Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $100 Million

In 2019, a UK-based energy company's CEO received a phone call from what he believed was his boss — the head of the parent company in Germany. The voice was perfect. The accent, the tone, the speech patterns — all spot

Carl B. Johnson Apr 21, 2022 7 min read