Computer Security News and Insights
In December 2024, a finance employee at a multinational firm in Hong Kong wired $25 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The real CFO had never scheduled the meeting. This
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider socially engineered its way past the help desk with a single phone call. But the reconnaissance that made that call possible? It started with spear phishing — targeted research, crafted messaging, and a specific human
A Single Email Cost This Company $47 Million In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after attackers impersonated the CEO via email and convinced a finance employee to transfer funds for a fake acquisition. The CEO and CFO were both fired. The company's
In March 2025, the FBI's IC3 warned that Americans lost over $470 million to phishing and smishing schemes in the prior reporting year — and text-based attacks were growing faster than any other vector. I've personally triaged incidents where a single SMS message led to a six-figure
In March 2025, the FBI's Internet Crime Complaint Center reported that Americans lost over $12.5 billion to cybercrime in 2023 alone — and voice-based social engineering was one of the fastest-growing attack vectors. I've personally investigated cases where a single phone call cost an organization six
In February 2025, a finance employee at a Hong Kong multinational wired $25 million to threat actors after a deepfake video call impersonating the company's CFO. That single incident captures the state of social engineering attacks right now: they're sophisticated, they exploit trust instead of technology,
In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced a technician to reset credentials. The result: an estimated $100 million in losses, a ransomware lockout across casino floors and hotel systems, and weeks of
In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was a deepfake. The attackers never exploited a software vulnerability. They
The $4.88 Million Lesson Most Organizations Still Haven't Learned IBM's 2024 Cost of a Data Breach Report pegged the global average breach cost at $4.88 million — the highest figure ever recorded. The Verizon 2024 Data Breach Investigations Report found that 68% of breaches involved
A Single Click Cost MGM Resorts $100 Million In September 2023, a social engineering phone call to an MGM Resorts IT help desk led to one of the most expensive breaches in hospitality history. The threat actor didn't exploit a zero-day vulnerability. They didn't write a
