Explore in-depth articles about phishing attacks, including email phishing, spear phishing, smishing, and vishing. Learn how attackers craft deceptive messages, steal credentials, and compromise systems — and discover proven strategies to detect and block these threats.
posts
In February 2024, Change Healthcare — one of the largest health payment processors in the U.S. — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted claims processing for hospitals and pharmacies nationwide, exposed protected health information for an estimated 100 million people, and reportedly led to a $22
In January 2026, a major U.S. healthcare network disclosed that threat actors had exfiltrated over 3 million patient records after compromising a single employee's credentials through a phishing email. It wasn't sophisticated malware. It wasn't a zero-day. It was a fake password-reset page.
A Single Input Field Took Down British Airways In 2018, British Airways disclosed a breach that compromised the personal and financial data of approximately 380,000 customers. The attack vector? A modified script injected into their website's payment page. The UK's Information Commissioner's Office
In 2024, the average cost of a data breach hit $4.88 million — the highest figure IBM had ever recorded. That number didn't climb because organizations lacked firewalls. It climbed because most people fundamentally misunderstand what cybersecurity actually is. If you've searched for a cybersecurity definition,
In 2024, the FBI's Internet Crime Complaint Center reported losses exceeding $16 billion from cybercrime — and compromised credentials were the gateway for a staggering number of those incidents. Right now, billions of username-and-password combinations sit on dark web marketplaces, priced anywhere from $1 to $500 depending on what
In February 2024, Change Healthcare — the largest medical claims processor in the United States — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted billing systems at hospitals and pharmacies nationwide for weeks. The entry point? Stolen credentials used on a remote access portal that lacked multi-factor authentication. One
A Single Fake Email Cost Facebook and Google $100 Million Between 2013 and 2015, a Lithuanian man named Evaldas Rimasauskas sent a series of fake email messages to employees at Facebook and Google. He impersonated a legitimate hardware vendor, attached fraudulent invoices, and directed payments to bank accounts he controlled.
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. And those are just the ones people actually reported. If you're asking what is phishing, you're asking the
In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider social-engineered the company's IT help desk with a single phone call. The attacker impersonated an employee, convinced the help desk to reset credentials, and within hours had burrowed deep enough to deploy ransomware
Your Employees' Passwords Are Probably Already There In 2024, the FBI's Internet Crime Complaint Center (IC3) reported over 880,000 complaints with potential losses exceeding $12.5 billion — and a significant chunk of that activity traces back to credentials and data bought and sold on the dark
