Computer Security News and Insights
In March 2022, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — a scheme built almost entirely on spoofing — cost victims over $2.4 billion in 2021 alone. That made it the single most financially devastating category of cybercrime they tracked. Not ransomware. Not cryptojacking. Spoofing-based
A Single Phishing Email Led to a $100 Million Heist Between 2013 and 2015, a Lithuanian man orchestrated one of the most audacious cases of group online svindel ever documented. Evaldas Rimasauskas and his associates impersonated a legitimate Asian hardware manufacturer and tricked both Google and Facebook into wiring over
A Perfectly Forged Invoice That Almost Worked Last month, a controller at a mid-sized logistics company forwarded me an email she'd almost clicked. It looked like a DocuSign envelope notification for a PayPal invoice — complete with the yellow DocuSign button, a legitimate-looking PayPal logo, and a $3,200
In March 2022, threat actor group Lapsus$ breached Okta by compromising a single support engineer's laptop — an attack chain that started with social engineering and credential theft. One employee. One set of stolen credentials. And suddenly, a company trusted by thousands of organizations to manage authentication was scrambling
In August 2022, Twilio disclosed that a sophisticated phishing campaign had compromised employee credentials and exposed data tied to over 130 organizations — including the encrypted messaging giant Signal. A month earlier, a massive phishing operation dubbed "0ktapus" by researchers at Group-IB had already hit over 130 companies. If
In March 2022, the threat actor group Lapsus$ breached Okta, Microsoft, and Samsung — not through some sophisticated zero-day exploit, but through phishing scams and social engineering that tricked employees into handing over credentials. A group reportedly led by teenagers compromised some of the largest technology companies on the planet. If
Every week, I get emails from readers asking the same type of question: "I found this app called Removed — is it legit?" Sometimes it's Removed, sometimes it's another obscure app that popped up in a search result, an ad, or a text message from
In March 2022, the FBI warned that business email compromise — a category dominated by spear phishing — cost victims over $2.4 billion in 2021 alone, making it the most financially damaging cybercrime category in the FBI IC3 Annual Report. That number dwarfs ransomware losses. So what is spear phishing, exactly,
In March 2022, threat actors used a single phishing email to breach Okta through a third-party contractor — potentially impacting hundreds of enterprise customers downstream. The attack didn't exploit some exotic zero-day. It exploited a human being who clicked a link. If you're here to define phishing,
That Login Page Isn't Real — And Your Employees Can't Tell In March 2022, the FBI warned that cybercriminals were registering domains impersonating well-known businesses at an alarming rate. The scam is straightforward: build a fake identity website that mirrors a legitimate login page, blast phishing emails
