Computer Security News and Insights
In 2023, a finance employee at the multinational firm Arup wired $25 million to threat actors after a deepfake video call that spoofed the company's CFO and several colleagues. Every face on the screen was fake. Every voice was synthesized. The employee had no reason to doubt what
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the most reported cybercrime in the United States for the fifth consecutive year. Yet when I ask employees during security assessments to explain what phishing actually is, most give me a
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider used a spear phishing phone call to trick a help desk employee into resetting credentials. One call. One employee. One hundred million dollars. That's not a bulk spam campaign — that's
A Single Spoofed Email Cost This Company $46.7 Million In 2016, FACC Operations GmbH, an Austrian aerospace parts manufacturer, lost €42 million (roughly $46.7 million USD) after attackers sent a spoofed email impersonating the company's CEO. The finance department wired the money to accounts controlled by
When the FBI Tells You to Pay Attention, Pay Attention In late 2024, the FBI issued a stark public service announcement warning that threat actors are leveraging generative AI to craft highly convincing phishing campaigns — and Gmail's 1.8 billion users sit squarely in the crosshairs. The FBI
A Phone Call From "Google" That Wasn't Google at All In late 2024, a Gmail user received a phone call from what appeared to be a legitimate Google support number. The caller warned of suspicious account activity, walked them through a fake recovery process, and captured
One Phishing Email Cost This Company $100 Million In 2019, a Lithuanian man named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than fraudulent invoices and carefully crafted phishing emails. He impersonated a legitimate hardware vendor, sent fake invoices to accounts payable
In 2024, the FBI's Internet Crime Complaint Center (IC3) reported that phishing was the most frequently reported cybercrime — again. Over 193,000 complaints were filed for phishing alone, and the real number is far higher since most incidents go unreported. I've spent years watching organizations get
The Fake Mail That Drained $37 Million In 2024, Toyota Boshoku Corporation disclosed a business email compromise attack where a threat actor used fake mail to trick a finance executive into wiring approximately $37 million to a fraudulent bank account. The email looked legitimate. The sender address was nearly identical
The $4.88 Million Email That Looked Completely Normal In 2024, IBM's Cost of a Data Breach Report pegged the average breach cost at $4.88 million — a record high. And phishing remained the most common initial attack vector. I've investigated dozens of these incidents firsthand,
