Computer Security News and Insights
A Single Email Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million to a single business email compromise attack. Facebook and Google collectively lost over $100 million to a Lithuanian man who sent fake invoices via email over a two-year period. These weren't sophisticated
Your Organization Needs a Phish Setlist — Not Just One Test In 2023, the FBI's IC3 received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. Yet most organizations I work with still run the same single phishing simulation once a
In early 2024, researchers at Proofpoint documented a campaign where a single threat actor group rotated through at least six distinct phishing lure templates in under three weeks — targeting financial services, healthcare, and education sectors in sequence. Security teams that recognized the first lure missed the second. Those who caught
In 2024, the FBI's Internet Crime Complaint Center received over 298,000 complaints related to phishing — making it the most reported cybercrime for the fifth consecutive year. Yet when I ask employees in training sessions to give me a phishing definition, most of them describe a Nigerian prince
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. I've spent years helping organizations respond to these attacks, and the pattern is always the same: someone clicks a link
A CFO, a Spoofed Email, and a $37 Million Wire Transfer In 2024, the FBI's Internet Crime Complaint Center (IC3) continued reporting staggering losses from business email compromise — a category where spoofing is the engine that makes the scam work. Threat actors forge sender addresses, manipulate caller IDs,
A Single Email Cost This Company $100 Million In 2019, Toyota Boshoku Corporation wired $37 million to a threat actor who impersonated a business partner via email. Facebook and Google collectively lost over $100 million to a Lithuanian man who sent fake invoices over two years. These weren't
In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider used a spear phishing phone call — a single, targeted social engineering attack against an IT help desk employee — to breach one of the largest casino operators on the planet. The attacker found the employee'
The CEO Email That Cost a Company $47 Million In 2015, Ubiquiti Networks disclosed that attackers impersonating company executives via spoofed emails tricked employees into wiring $46.7 million to overseas accounts. The emails looked legitimate. The sender addresses appeared correct. No malware was involved. The entire attack hinged on
The FBI Warns Gmail Users of Sophisticated AI-Driven Phishing Attacks — And Most People Aren't Ready In late 2024, the FBI issued a stark public service announcement: threat actors are using generative AI to craft phishing emails so convincing that even seasoned IT professionals struggle to spot them. The
