Explores the creation and use of fake emails in cyberattacks, including spoofed sender addresses, forged headers, and deceptive domains designed to impersonate legitimate contacts. Posts help readers identify telltale signs of fabricated emails and implement authentication protocols like SPF, DKIM, and DMARC to block them.
posts
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes fakeemail schemes — caused over $2.9 billion in adjusted losses across roughly 21,489 complaints. That made it the single most financially damaging cybercrime category in the IC3's annual
In March 2025, a mid-size accounting firm in Ohio wired $1.2 million to a threat actor who sent a single spoofed email — a fakeemail that perfectly mimicked the CEO's display name, writing style, and even included a forwarded thread from a real conversation. The email passed every
That Email From Your CEO? It Was a FakeEmail. In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million after attending a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a
The FakeEmail Problem Is Bigger Than You Think In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that covers most fakeemail schemes — accounted for $2.4 billion in adjusted losses in 2021 alone. That made it the single most financially damaging
The FakeEmail That Cost One Company $75 Million In 2020, the FBI's Internet Crime Complaint Center reported that business email compromise — attacks built on fakeemail techniques — generated over $1.8 billion in losses in a single year. That made it the costliest category of cybercrime, beating ransomware by
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — attacks built on fakeemail addresses and spoofed sender identities — accounted for over $2.9 billion in adjusted losses. That made it the single most financially devastating cybercrime category they tracked. Not ransomware. Not cryptojacking. Fake
A Single FakeEmail Cost One Company $37 Million In 2024, Orion SA, a Luxembourg-based steel trading company, disclosed it lost approximately $60 million after an employee was tricked by a business email compromise scheme using fraudulent email communications. That same year, the FBI's IC3 received over 21,000
