Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.
posts
They Don't Just Send One Email — They Run a Phish Tour In 2023, the FBI's IC3 received over 298,000 phishing complaints, making it the most reported cybercrime category for the fifth consecutive year. But here's the part that doesn't make the
One Phishing Email Cost This Company $100 Million In 2019, a Lithuanian man named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than fraudulent invoices and carefully crafted phishing emails. He impersonated a legitimate hardware vendor, sent fake invoices to accounts payable
In 2024, the FBI's Internet Crime Complaint Center (IC3) reported that phishing was the most frequently reported cybercrime — again. Over 193,000 complaints were filed for phishing alone, and the real number is far higher since most incidents go unreported. I've spent years watching organizations get
The Fake Mail That Drained $37 Million In 2024, Toyota Boshoku Corporation disclosed a business email compromise attack where a threat actor used fake mail to trick a finance executive into wiring approximately $37 million to a fraudulent bank account. The email looked legitimate. The sender address was nearly identical
The $4.88 Million Email That Looked Completely Normal In 2024, IBM's Cost of a Data Breach Report pegged the average breach cost at $4.88 million — a record high. And phishing remained the most common initial attack vector. I've investigated dozens of these incidents firsthand,
Your Inbox Is a Buffet — And Threat Actors Are Cooking In March 2023, the FBI's Internet Crime Complaint Center reported that phishing was the number one crime type by victim count for the fifth year running, with over 298,000 complaints in a single year. Every one of
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the most reported cybercrime category for the fifth year running. That's not a number on a slide deck. That's hundreds of thousands of real organizations bleeding money,
In 2022, a single phishing email sent to a Twilio employee led to the compromise of 163 customer accounts, including high-profile targets like Signal. The attacker didn't exploit a zero-day vulnerability or brute-force a password. They sent a text message that looked like it came from Twilio'
In 2023, a single spear phishing email cost MGM Resorts an estimated $100 million in losses and recovery. The attacker didn't blast out a million generic messages — they researched one employee, crafted one convincing message, and made one phone call to the help desk. That's the
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — more than any other cybercrime category. That number has only grown since. I've spent years helping organizations respond to phishing incidents, and the pattern is almost always the same: someone clicks a
