A curated collection of real-world phishing examples and breakdowns that highlight current tactics used by attackers. Each entry dissects the anatomy of a phishing attempt so readers can recognize and avoid similar threats in their own inboxes.
posts
One Band's Name Became Cybersecurity's Favorite Metaphor In 2024, the FBI's IC3 report documented over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. And yet, most organizations still run phishing simulations like they're checking
What a Phish Setlist Is — And Why Your Security Team Needs One In March 2024, a mid-size accounting firm lost $2.1 million after an employee clicked a single phishing email disguised as a DocuSign request during tax season. The firm had no phishing simulation program. No playbook. No plan.
Why Every Security Team Needs a Phish Setlist In March 2022, Okta confirmed that the Lapsus$ threat actor group breached a third-party support engineer's account — and a big part of that attack chain started with social engineering. A single compromised credential. One phishing message that worked. That'
Every Great Attack Starts With a Setlist In July 2021, a single phishing email gave a threat actor access to credentials at a Florida IT management firm, triggering the Kaseya VSA ransomware attack that cascaded to over 1,500 businesses worldwide. One click. One employee. One email that someone didn&
Your Search for a Phish Setlist Could Land You on a Hacker's Hook Last summer, a colleague of mine — a die-hard Phish fan — searched for a phish setlist from a recent show at Madison Square Garden. He clicked what looked like a legitimate fan site. Within seconds, his
Your Organization Needs a Phish Setlist — Not Just One Test In 2023, the FBI's IC3 received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. Yet most organizations I work with still run the same single phishing simulation once a
