Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.
posts
The Email That Cost MGM Resorts $100 Million In September 2023, a single social engineering attack — starting with a phone call but rooted in the same deception principles as phishing emails — led to a breach at MGM Resorts that cost the company over $100 million. The threat actors behind the
Your Employees Are Phish Food — And Threat Actors Know It In March 2025, the FBI's Internet Crime Complaint Center (IC3) released its 2024 annual report showing over $16 billion in reported cybercrime losses — the highest figure ever recorded. Phishing and its variants topped the list of complaint types
In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started the same way nearly all of
The Fake Invoice That Drained $1.4 Million In early 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes PayPal phishing attacks — generated over $2.9 billion in adjusted losses in 2023 alone. That number hasn't slowed down. One
A Legitimate DocuSign Email That Steals Your PayPal Credentials In November 2024, Avanan researchers documented a wave of attacks where threat actors sent phishing emails through DocuSign's actual platform — not spoofed emails, but real DocuSign notifications. The documents inside impersonated PayPal invoices requesting payment authorization for hundreds or
A Single Phishing Attack Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider impersonated an MGM Resorts employee during a help desk call. That single social engineering interaction led to a ransomware deployment that shut down slot machines, hotel key cards, and reservation systems across
The Phishing Email That Cost One Company $60 Million In January 2024, a finance employee at the engineering firm Arup wired $25 million after attending a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was a deepfake. That
The Virus That Cost a Hospital Chain $100 Million In 2017, the NotPetya wiper malware tore through networks worldwide in under 24 hours. Heritage Valley Health System lost access to its entire network — radiology, cardiology, even surgical systems went dark. Across the globe, Maersk lost nearly $300 million. Merck reported
The Breach That Started With a Single Unpatched System In February 2024, UnitedHealth Group's subsidiary Change Healthcare suffered a ransomware attack that disrupted healthcare payment processing across the United States for weeks. The attackers gained access through a Citrix remote access portal that lacked multi-factor authentication. One system.
In January 2025, the Verizon Data Breach Investigations Report team was already tracking a sharp rise in cloud-specific intrusions — a trend that accelerated throughout the year. By mid-2025, roughly 45% of all breaches involved cloud assets, up significantly from prior years. If your organization moved to the cloud and assumed
