Learn how phishing simulation exercises help organizations test employee readiness against real-world email attacks. This tag covers simulation design, campaign metrics, benchmarking results, and using simulated phishing to continuously improve organizational resilience to social engineering threats.
posts
In 2024, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They didn't brute-force a password. They simply called IT support, impersonated an employee they found on
The Breach That Changed How I Think About Cyber Security In February 2024, Change Healthcare suffered a ransomware attack that disrupted insurance claims processing for nearly every hospital and pharmacy in the United States. UnitedHealth Group later confirmed the breach affected approximately 100 million individuals — making it the largest healthcare
In 2023, MGM Resorts lost roughly $100 million after a social engineering attack bypassed every piece of computer security software they had deployed. The attackers didn't exploit a zero-day vulnerability. They didn't brute-force a firewall. They called the help desk, impersonated an employee, and walked right
A 3-Minute Email Cost One Company $37 Million In 2024, a finance employee at a multinational firm joined a deepfake video call with what appeared to be the company's CFO and several colleagues. Every person on that call was AI-generated. The employee transferred $25.6 million (approximately HK$
The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past help desk staff with a ten-minute phone call. The attackers didn't exploit some exotic zero-day. They exploited a human being
In May 2025, the FBI's Internet Crime Complaint Center reported that phishing was — for the ninth consecutive year — the most-reported cybercrime in the United States. Not ransomware. Not cryptojacking. Phishing. The simplest attack in the playbook continues to cause the most damage, and the phishing meaning most people
One Phishing Email Cost MGM Resorts $100 Million In September 2023, a single social engineering phone call — preceded by a carefully crafted phishing email reconnaissance campaign — led to the breach that shut down MGM Resorts' operations across Las Vegas. Slot machines went dark. Hotel room keys stopped working. The
A Single Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider social-engineered an MGM Resorts help desk employee with a phone call. That single interaction — not a sophisticated zero-day exploit, not a nation-state supply chain attack — led to a ransomware incident that cost the
The Breach That Started With a Single Click In January 2024, Microsoft disclosed that the Russian threat actor Midnight Blizzard compromised a legacy test tenant account using a password spray attack — no multi-factor authentication, no special exploit. Just a weak credential and an employee environment nobody was watching. The attackers
The Click That Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider social-engineered an MGM Resorts help desk employee with a simple phone call. That one interaction led to a ransomware attack that shut down slot machines, hotel check-ins, and digital room keys across Las
