Examines the latest phishing scam tactics targeting individuals and organizations through deceptive emails, websites, and messages. Provides real-world examples, red flags to watch for, and actionable steps to avoid falling victim to phishing attacks.
posts
In January 2024, a finance employee at British engineering firm Arup transferred $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues — all of them deepfake recreations. The attack started the way most do: with a phishing
The Phishing Email That Cost One Company $60 Million In January 2024, a finance employee at the engineering firm Arup wired $25 million after attending a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was a deepfake. That
In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The whole operation started with a single phishing email.
In January 2024, a finance worker at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started with what every phishing scam starts
In March 2022, the FBI's Internet Crime Complaint Center reported that phishing was the number one cybercrime type in 2021 — with over 323,000 complaints filed by victims in a single year. That number dwarfed every other category. If you've ever asked what is a phishing
In March 2022, the threat actor group Lapsus$ breached Okta, Microsoft, and Samsung — not through some sophisticated zero-day exploit, but through phishing scams and social engineering that tricked employees into handing over credentials. A group reportedly led by teenagers compromised some of the largest technology companies on the planet. If
In July 2021, a single phishing email gave attackers access to an employee's credentials at a Florida-based managed service provider, ultimately cascading into the massive Kaseya VSA supply-chain ransomware attack that hit over 1,500 businesses worldwide. One email. One click. Billions in damages. If you've
The FBI's Internet Crime Complaint Center reported $4.2 billion in losses from cybercrime in 2020 — and phishing scams were the number one reported attack type, with 241,342 complaints. That's not a typo. Nearly a quarter of a million people filed formal complaints about phishing
Your Search for a Phish Setlist Could Land You on a Hacker's Hook Last summer, a colleague of mine — a die-hard Phish fan — searched for a phish setlist from a recent show at Madison Square Garden. He clicked what looked like a legitimate fan site. Within seconds, his
The $4.88 Million Email That Looked Completely Normal In 2024, IBM's Cost of a Data Breach Report pegged the average breach cost at $4.88 million — a record high. And phishing remained the most common initial attack vector. I've investigated dozens of these incidents firsthand,
