Computer Security News and Insights
In January 2024, a finance worker at a multinational firm in Hong Kong transferred $25.6 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The entire operation was coordinated by
Earlier this year, security researchers documented a surge in phishing campaigns that abuse legitimate DocuSign and PayPal infrastructure to deliver convincing attack emails. The twist? These messages aren't spoofed — they're actually sent through real PayPal and DocuSign servers. That's why PayPal DocuSign phishing attacks
In January 2024, a single phishing attack against Framework Computer exposed customer names, emails, and outstanding balances — all because one employee at an external accounting partner clicked a link in a convincing impersonation email. The attacker didn't hack a firewall. They didn't exploit a zero-day vulnerability.
The Phishing Headlines Keep Getting Worse In January 2024, a finance worker at engineering firm Arup wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. That single incident captures everything terrifying about the current phishing news cycle: attacks are smarter, faster,
In January 2024, a finance worker at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started with what every phishing scam starts
Every week, someone on my team flags a new app or service that employees are asking about. "Hey, is this legit?" It's the single most common security question I hear — and for good reason. The FTC reported over $10 billion in consumer fraud losses in 2023,
In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider social-engineered a help desk employee with a single phone call. The attackers had done their homework — they knew the employee's name, role, and enough personal detail to sound legitimate. That's not
In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25.6 million to criminals after attending a deepfake video call where every other "participant" — including the CFO — was an AI-generated impersonation. That single incident redefines what phishing looks like today. If you still
The Fake Identity Website That Fooled an Entire HR Department Earlier this year, an HR team at a mid-size logistics company received a job application that checked every box. The resume was polished, the LinkedIn profile looked legitimate, and the applicant's personal website — showcasing a portfolio and professional
In January 2024, a finance director at a mid-sized logistics company wired $740,000 to a bank account in Hong Kong. The email requesting the transfer appeared to come from the CEO's exact email address — correct display name, correct domain, correct signature block. It wasn't the
