Comprehensive guides on protecting email accounts and infrastructure from cyber threats. Covers email authentication protocols like SPF, DKIM, and DMARC, encryption best practices, spam filtering, and organizational policies that reduce the risk of email-based attacks.
posts
A Single Fake Email Cost This Company $37 Million In 2024, the FBI's Internet Crime Complaint Center (IC3) reported that Business Email Compromise (BEC) schemes — built entirely on fake emails — accounted for over $2.9 billion in adjusted losses across the United States. That figure only captures what
In 2022, a single phishing email sent to a Twilio employee led to the compromise of 163 customer accounts, including high-profile targets like Signal. The attacker didn't exploit a zero-day vulnerability or brute-force a password. They sent a text message that looked like it came from Twilio'
The Email That Cost One Company $121 Million In 2019, a Lithuanian man was sentenced to five years in prison for phishing Google and Facebook out of over $121 million. He sent fake invoices from a spoofed vendor email address. Employees at two of the most technically sophisticated companies on
In 2023, a single spear phishing email cost MGM Resorts an estimated $100 million in losses and recovery. The attacker didn't blast out a million generic messages — they researched one employee, crafted one convincing message, and made one phone call to the help desk. That's the
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — more than any other cybercrime category. That number has only grown since. I've spent years helping organizations respond to phishing incidents, and the pattern is almost always the same: someone clicks a
The Email That Cost One Company $37 Million In 2024, a finance employee at a multinational firm joined a video call with what appeared to be the company's CFO and several colleagues. Every face on that call was a deepfake. The employee authorized $25.6 million in transfers
One Invoice, One Email, $47 Million Gone In 2024, Orion Engineering lost $47 million to a single fraudulent wire transfer. The attacker didn't hack a firewall or exploit a zero-day. They compromised a vendor's email account, inserted themselves into an ongoing invoice thread, and changed the
A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that threat actors used spear phishing emails to impersonate executives and trick finance employees into wiring $46.7 million to overseas accounts. They eventually recovered some of it, but the damage was done. That wasn't
A Single Email Cost This Company $47 Million In 2015, Ubiquiti Networks disclosed that threat actors used a CEO fraud email scam to trick finance employees into wiring $46.7 million to overseas accounts controlled by attackers. The emails looked like routine requests from senior executives. No malware was involved.
In May 2021, a single phishing email led to the shutdown of Colonial Pipeline — the largest fuel pipeline in the United States. One compromised credential. One employee who didn't catch the red flags. The result: fuel shortages across the East Coast, a $4.4 million ransom payment, and
