Actionable cybersecurity tips for individuals and organizations looking to strengthen their digital defenses. Topics range from password management and multi-factor authentication to device security, safe browsing habits, and incident response planning.
posts
The Breach That Started With a Single Password In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attackers didn't exploit some exotic zero-day vulnerability. They used basic social engineering — information scraped from LinkedIn
The Text Message That Cost One Company $15 Million In 2022, threat actors hit Twilio with an SMS-based social engineering attack that compromised employee credentials and exposed data for over 160 customers. The attack didn't involve a sophisticated zero-day exploit. It started with a text message pretending to
Last March, a finance director at a mid-size logistics company wired $2.1 million to a threat actor who had spoofed the CEO's email address. The message looked perfect — right tone, right signature, right sense of urgency. The only thing wrong was the reply-to domain, off by a
In March 2024, a finance director at a mid-size manufacturer in Ohio wired $2.3 million to a threat actor who impersonated the company's CEO — all because of a single phishing email. The message looked perfect: right logo, right tone, right email signature. It even referenced an actual
The Email That Cost MGM Resorts $100 Million In September 2023, a single social engineering attack — starting with a phone call but rooted in the same deception principles as phishing emails — led to a breach at MGM Resorts that cost the company over $100 million. The threat actors behind the
In January 2025, a finance director at a mid-sized manufacturing firm received an email from what appeared to be the company's CEO. The domain was off by one character. The request was urgent — wire $220,000 to a new vendor before end of day. She complied. The money
In January 2024, a finance employee at a multinational firm in Hong Kong joined what appeared to be a routine video call with the company's CFO. Everything looked normal — the CFO's face, voice, and mannerisms were all spot-on. The employee followed instructions and wired $25 million
The Email That Cost One Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated cousin of phishing — accounted for over $2.9 billion in adjusted losses in 2023 alone. That's not a typo. And those are just
In February 2024, Change Healthcare — one of the largest health payment processors in the United States — was brought to its knees by a ransomware attack. Patient data for potentially tens of millions of Americans was exposed. The initial access vector? Stolen credentials on a system that lacked multi-factor authentication. One
In March 2022, the Lapsus$ threat actor group breached Okta — a company literally in the business of identity security — by compromising a single employee through a social engineering campaign that started with phishing. If it can happen to an identity provider securing thousands of enterprises, it can happen to your
