Explore in-depth articles about phishing attacks, including email phishing, spear phishing, smishing, and vishing. Learn how attackers craft deceptive messages, steal credentials, and compromise systems — and discover proven strategies to detect and block these threats.
posts
During a breach investigation last year, I watched a CFO stare blankly at an incident response report and ask, "What's lateral movement? What does 'exfiltration' mean? Can someone just speak English?" That moment crystallized something I've known for two decades: the cybersecurity
AI-generated phishing emails are nearly indistinguishable from legitimate messages. Here is how to build a phishing awareness training program that gives employees the skills to spot them.
Modern phishing emails look exactly like the real thing. No typos, no suspicious attachments — just a convincing message designed to make you act without thinking. Here is how to spot them.
The Threat That Refuses to Die In January 2025, the FBI's Internet Crime Complaint Center (IC3) released its annual report showing that phishing and its variants remained the number one reported cybercrime by volume — for the fifth consecutive year. Over 298,000 complaints. That number only counts the
The MGM Breach Started With a Single Phone Call In September 2023, a threat actor called the MGM Resorts help desk, pretended to be an employee, and talked their way into a credential reset. Within hours, the Scattered Spider group had deep access to MGM's systems. The result:
The CEO Email That Wasn't From the CEO In early 2025, a mid-sized logistics company wired $3.1 million to a bank account in Hong Kong. The CFO had received an email — apparently from the CEO — requesting an urgent wire transfer for a confidential acquisition. The email address
In January 2025, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. The attack started the same way almost all of them do — with a phishing email. If you'
160 Billion Spam Emails a Day — and Your Inbox Isn't Immune In 2024, the Verizon Data Breach Investigations Report confirmed what security professionals have been saying for years: email remains the primary initial access vector for data breaches. Over 90% of cyberattacks start with some form of malicious
In March 2025, the FBI's Internet Crime Complaint Center reported that spoofing-related fraud accounted for billions in losses across American businesses and individuals. Every major data breach investigation I've worked on in the past five years started the same way — someone trusted something that wasn'
A Single Fake Identity Website Cost One Company $47 Million In early 2024, a finance employee at engineering firm Arup wired $25 million after joining a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was a deepfake. The
