In-depth coverage of phishing attacks, including spear phishing, whaling, vishing, and smishing campaigns. Posts analyze attack methods, explore recent phishing trends, and provide defensive strategies that help organizations reduce their exposure to credential theft and data breaches.
posts
In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started the same way nearly all of
In January 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — much of it powered by spoofed sender addresses — cost American organizations over $2.9 billion in 2023 alone. Behind a huge share of those losses sits a deceptively simple tool: the fake mailer. These
The FBI Gmail Alert That Should Have Changed How You Think About Email In late 2024, the FBI issued a stark warning: AI-driven phishing attacks targeting Gmail users had become so sophisticated that even technically savvy professionals were falling for them. The advisory wasn't hypothetical. It was based
Ransomware Isn't Slowing Down — It's Shapeshifting In February 2024, Change Healthcare suffered what became one of the most devastating ransomware attacks in U.S. history. The ALPHV/BlackCat ransomware group crippled the nation's largest health care payment processor, disrupting pharmacies, hospitals, and insurance claims
A Single Email Cost This Company $25 Million In early 2024, a finance worker at engineering firm Arup was tricked into transferring $25 million after a deepfake video call that started with one phishing email. That's not a hypothetical. That happened. And it began the same way nearly
In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to criminals after a video call with what appeared to be the company's CFO. Every person on that call was a deepfake. It started, like almost every attack of its kind, with
In January 2024, a finance director at a mid-sized logistics company wired $740,000 to a bank account in Hong Kong. The email requesting the transfer appeared to come from the CEO's exact email address — correct display name, correct domain, correct signature block. It wasn't the
In September 2022, Uber disclosed a breach that started with a single employee accepting a multi-factor authentication push notification they shouldn't have. The threat actor behind it — linked to the Lapsus$ group — had already compromised the employee's credentials. But the initial foothold? Social engineering and malware
In March 2022, the hacking group Lapsus$ breached Okta by phishing a single contractor's credentials. That one successful social engineering attack gave threat actors access to systems used by thousands of companies worldwide. If you're searching for the definition of a phishing attack, that incident is
A Single Email Cost Ubiquiti $46.7 Million In 2015, networking giant Ubiquiti Networks disclosed that employees had been tricked into wiring $46.7 million to overseas accounts controlled by attackers. The weapon wasn't malware or a zero-day exploit. It was email. If you've ever asked
