Explore in-depth articles about phishing attacks, including email phishing, spear phishing, smishing, and vishing. Learn how attackers craft deceptive messages, steal credentials, and compromise systems — and discover proven strategies to detect and block these threats.
posts
The Attack That Shut Down 100 Romanian Hospitals In February 2024, a ransomware attack hit over 100 hospitals across Romania, forcing them offline and back to pen-and-paper operations. Patient data was encrypted. Emergency services were disrupted. The attack vector? Malware that slipped through a single vulnerable system and spread laterally
A Single Click Cost One Hospital Chain $100 Million In 2024, Change Healthcare was hit by the ALPHV/BlackCat ransomware group. The attack disrupted insurance claims processing for thousands of healthcare providers across the United States. UnitedHealth Group eventually disclosed costs exceeding $870 million related to the incident. The entry
In April 2022, researchers at Avast discovered that the GhostDNS botnet had compromised over 100,000 home routers across Brazil — silently redirecting banking customers to pixel-perfect phishing pages. Victims typed their real bank URLs into their browsers. The addresses looked correct. But every keystroke landed on a threat actor'
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime for the fifth consecutive year. And those are just the ones people reported. I've spent years helping organizations respond to breaches, and the vast majority start
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated category of fake email — caused adjusted losses exceeding $2.9 billion in a single year. That wasn't from exotic zero-day exploits. It was from emails that looked real but weren'
In 2024, MGM Resorts lost an estimated $100 million after a threat actor called a help desk, impersonated an employee, and gained access to internal systems. The initial vector? A social engineering call informed by information harvested through phishing. One phone call. One convincing story. Nine figures in damages. If
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the single most reported cybercrime for the fifth consecutive year. Yet when I ask executives what phishing actually is, most give me a vague answer about "fake emails." That&
In 2023, a finance employee at the multinational firm Arup wired $25 million to threat actors after a deepfake video call that spoofed the company's CFO and several colleagues. Every face on the screen was fake. Every voice was synthesized. The employee had no reason to doubt what
A Single Spoofed Email Cost This Company $46.7 Million In 2016, FACC Operations GmbH, an Austrian aerospace parts manufacturer, lost €42 million (roughly $46.7 million USD) after attackers sent a spoofed email impersonating the company's CEO. The finance department wired the money to accounts controlled by
In 2024, the FBI's Internet Crime Complaint Center (IC3) reported that phishing was the most frequently reported cybercrime — again. Over 193,000 complaints were filed for phishing alone, and the real number is far higher since most incidents go unreported. I've spent years watching organizations get
