Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.
posts
A Single Email Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million to a single business email compromise attack. Facebook and Google collectively lost over $100 million to a Lithuanian man who sent fake invoices via email over a two-year period. These weren't sophisticated
Your Organization Needs a Phish Setlist — Not Just One Test In 2023, the FBI's IC3 received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. Yet most organizations I work with still run the same single phishing simulation once a
In early 2024, researchers at Proofpoint documented a campaign where a single threat actor group rotated through at least six distinct phishing lure templates in under three weeks — targeting financial services, healthcare, and education sectors in sequence. Security teams that recognized the first lure missed the second. Those who caught
A Developer Nearly Lost Everything to a Fake Google Support Call In early 2025, a widely reported attack targeted Gmail users with a phone call that appeared to come from Google's actual support number. The caller — using AI-generated voice — told the victim their account had been compromised. They
Last year, a finance director at a mid-size logistics company wired $1.2 million to a threat actor who sent a single phishing email impersonating the CEO. The email contained no malware, no suspicious attachments, and no misspelled words. It simply asked for an urgent wire transfer, referenced a real
A Single Phishing Email Cost This Company $100 Million In 2024, the FBI's Internet Crime Complaint Center reported that phishing — often misspelled as "phising" — remained the most reported cybercrime category, with hundreds of thousands of complaints filed in a single year. But the raw numbers don&
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the most reported cybercrime for the fifth consecutive year. That number only accounts for what gets reported. The actual volume is staggering. So what is a phishing attack, and why does
A Single Phishing Email Just Cost a Healthcare System $65 Million If you follow phishing news, you already know the headlines keep getting worse. Change Healthcare's 2024 breach — triggered by compromised credentials and the absence of multi-factor authentication — led to a reported $22 billion disruption across the U.
The Breach That $300K in Security Tools Didn't Stop In 2023, a mid-sized healthcare firm in the Midwest spent over $300,000 annually on products from multiple computer security companies. Endpoint detection, SIEM, email gateway filtering — the full stack. Then an employee clicked a phishing link inside a
The Hiring Manager Doesn't Care Where You Sat in Class I've reviewed over a thousand resumes for security analyst and incident response roles. Not once — not a single time — have I rejected a candidate because their online computer security degree wasn't earned in a
