Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.
posts
In March 2024, a finance employee at a UK-based engineering firm wired $25 million to threat actors after a deepfake video call. The attackers had spoofed the company's CFO — but the entire attack chain started with a single phishing email. That first message contained at least four classic
The Email That Cost One Company $37 Million In 2024, a finance employee at a multinational firm joined a video call with what appeared to be the company's CFO and several colleagues. Every face on that call was a deepfake. The employee authorized $25.6 million in transfers
One Click Cost Them $100 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phone call. A threat actor called the help desk, impersonated an employee found on LinkedIn, and gained access to internal systems. The resulting ransomware attack cost
The $4.88 Million Lesson Most Organizations Learn Too Late IBM's 2024 Cost of a Data Breach Report put the global average breach cost at $4.88 million. The Verizon 2024 Data Breach Investigations Report found that 68% of breaches involved a human element — someone clicked a phishing
The Breach That Started With a Single Click In January 2024, a finance department employee at a mid-size manufacturing firm opened what looked like a routine DocuSign notification. Within 72 hours, a threat actor had exfiltrated 1.2 million customer records and deployed ransomware across the company's entire
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered the company's IT help desk with a ten-minute phone call. The attacker didn't exploit a zero-day. They didn't brute-force a password. They simply convinced a human being to hand over
The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker found an employee on LinkedIn, called the IT service desk, and convinced them to reset credentials. That&
The Breach That Bankrupted a 40-Person Company In 2023, a small accounting firm in Sacramento lost every client record it had. A single employee clicked a phishing link disguised as a DocuSign notification. Within 72 hours, a threat actor had deployed ransomware across the entire network. The firm paid $350,
A $4.88 Million Problem That Slides Right Past Your Firewall IBM's 2024 Cost of a Data Breach Report pegged the global average breach cost at $4.88 million. The leading initial attack vector? Phishing and stolen credentials — both of which target people, not servers. Yet most organizations
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They didn't write custom malware. They called IT support, impersonated an employee found on LinkedIn, and
