Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.
posts
In March 2024, a finance employee at a multinational firm wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. The attack started with a single phishing email. That one message opened the door to a loss most companies would never recover
In 2023, the FBI's IC3 reported over $5.6 billion in losses from phishing and its variants — and smishing, the SMS-based cousin, drove a massive chunk of that number. I've watched smishing evolve from clumsy "you won a prize" texts into sophisticated, multi-step social
A Single Misconfigured Bucket Exposed 3 Billion Records In 2021, Cognyte left an unsecured database containing over 5 billion records — scraped from previous breaches — sitting in a cloud storage instance with no authentication required. Anyone with a browser could reach it. That's not a sophisticated nation-state attack. That&
In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than a series of fake email messages. He impersonated a legitimate hardware vendor, sent invoices from a lookalike domain, and two of the most technologically sophisticated companies on
Your Employees Are Hungry — And Threat Actors Are Cooking In 2023, the FBI's Internet Crime Complaint Center (IC3) logged over 298,000 phishing complaints — more than any other cybercrime category for the fifth year running. That's nearly 817 reported phishing attacks per day. And those are
Your Employees' Phones Are Under Siege In March 2024, MGM Resorts was still reeling from one of the most expensive social engineering attacks in corporate history — one that started with a phone call, not an email. That incident cost the company over $100 million. And it's not
One Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee found on LinkedIn, and gained access to the company's entire network. The result: over $100 million in losses, days of disrupted operations,
The Breach That Changed How I Think About Cyber Security In February 2024, Change Healthcare suffered a ransomware attack that disrupted insurance claims processing for millions of Americans. UnitedHealth Group confirmed paying a $22 million ransom. The attack vector? Stolen credentials on a system that lacked multi-factor authentication. One missing
A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that threat actors used carefully crafted emails — impersonating executives — to trick finance employees into wiring $46.7 million to overseas accounts. That wasn't a mass spam campaign. It was spear phishing: a surgical, researched, devastatingly
The CEO Who Wired $47 Million to a Criminal In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after threat actors spoofed the CEO's email and instructed a finance employee to wire funds for a fake acquisition. The employee believed the request was legitimate. The
