Computer Security News and Insights
In May 2025, the FBI's Internet Crime Complaint Center reported that phishing and its variants remained the number-one reported cybercrime for the fifth consecutive year, with losses tied to business email compromise alone exceeding $2.9 billion annually in recent reports. I've spent over two decades
In March 2025, a mid-size healthcare provider in the Midwest lost 1.4 million patient records because one employee in accounts payable clicked a link in a fake DocuSign email. The organization had antivirus software, a firewall, and an email gateway. What they didn't have was a phishing
In December 2024, a finance employee at a multinational firm in Hong Kong wired $25 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The real CFO had never scheduled the meeting. This
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider socially engineered its way past the help desk with a single phone call. But the reconnaissance that made that call possible? It started with spear phishing — targeted research, crafted messaging, and a specific human
A Single Email Cost This Company $47 Million In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after attackers impersonated the CEO via email and convinced a finance employee to transfer funds for a fake acquisition. The CEO and CFO were both fired. The company's
In March 2025, the FBI's IC3 warned that Americans lost over $470 million to phishing and smishing schemes in the prior reporting year — and text-based attacks were growing faster than any other vector. I've personally triaged incidents where a single SMS message led to a six-figure
In March 2025, the FBI's Internet Crime Complaint Center reported that Americans lost over $12.5 billion to cybercrime in 2023 alone — and voice-based social engineering was one of the fastest-growing attack vectors. I've personally investigated cases where a single phone call cost an organization six
In February 2025, a finance employee at a Hong Kong multinational wired $25 million to threat actors after a deepfake video call impersonating the company's CFO. That single incident captures the state of social engineering attacks right now: they're sophisticated, they exploit trust instead of technology,
In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced a technician to reset credentials. The result: an estimated $100 million in losses, a ransomware lockout across casino floors and hotel systems, and weeks of
In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was a deepfake. The attackers never exploited a software vulnerability. They
