Addresses the tactics attackers use to steal login credentials and the countermeasures organizations can deploy. Topics include multi-factor authentication, credential monitoring, dark web surveillance, secure authentication protocols, and employee awareness training.
posts
In 2023, the FBI's Internet Crime Complaint Center (IC3) reported that phishing — including fake mail delivered via email, text, and voice — was the most reported cybercrime category for the fifth consecutive year, with over 298,000 complaints. And that only accounts for what gets reported. In my experience,
The Phone Call That Cost MGM Resorts $100 Million In September 2023, a threat actor called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced the technician to reset credentials. That single phone call triggered a ransomware attack that disrupted operations across Las Vegas
In March 2024, a finance director at a mid-size manufacturer in Ohio wired $2.3 million to a threat actor who impersonated the company's CEO — all because of a single phishing email. The message looked perfect: right logo, right tone, right email signature. It even referenced an actual
The Click That Cost One Company $47 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a social engineering phone call that led to credential theft and a devastating ransomware attack. The estimated cost exceeded $100 million. The attack vector? A
In January 2024, the U.S. Department of Justice charged a former Google engineer with stealing proprietary AI trade secrets while secretly working for two China-based companies. He had access for years. He passed background checks. He was a trusted employee. And that's exactly the point — the most
One Reused Password Cost This Company $4.6 Billion In 2017, a single set of reused credentials let threat actors walk into Equifax's systems and expose 147 million records. The total cost exceeded $4.6 billion when you factor in the FTC settlement, lawsuits, and remediation. One password.
One Band's Name Became Cybersecurity's Favorite Metaphor In 2024, the FBI's IC3 report documented over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. And yet, most organizations still run phishing simulations like they're checking
The FBI Didn't Issue Gmail Warnings for Fun In late 2024, the FBI's Internet Crime Complaint Center (IC3) flagged a sharp escalation in sophisticated phishing attacks targeting Gmail users — attacks so convincing that even security-savvy professionals were getting fooled. By mid-2025, the bureau doubled down, warning
In May 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of fake mail — accounted for over $2.9 billion in adjusted losses in 2023 alone. That number has only grown. I've personally worked cases where a single convincing email
The Phone Call That Cost One Company $23 Million In early 2024, a finance worker at engineering firm Arup was tricked into wiring $25 million to threat actors after a deepfake video call that impersonated senior leadership. That incident made headlines worldwide. But for every deepfake video heist, there are
