Explore in-depth articles about phishing attacks, including email phishing, spear phishing, smishing, and vishing. Learn how attackers craft deceptive messages, steal credentials, and compromise systems — and discover proven strategies to detect and block these threats.
posts
The Attack That Cost MGM Resorts $100 Million Started With a Phone Call In September 2023, a threat actor called the MGM Resorts IT help desk, impersonated an employee they found on LinkedIn, and talked their way into a password reset. Within hours, the attackers had deployed ransomware across MGM&
In March 2025, the FBI's IC3 warned that Americans lost over $470 million to phishing and smishing schemes in the prior reporting year — and text-based attacks were growing faster than any other vector. I've personally triaged incidents where a single SMS message led to a six-figure
In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced a technician to reset credentials. The result: an estimated $100 million in losses, a ransomware lockout across casino floors and hotel systems, and weeks of
A Single Click That Cost a Hospital $22 Million In February 2024, Change Healthcare — the payment processing backbone for thousands of U.S. hospitals and pharmacies — was hit by the ALPHV/BlackCat ransomware group. UnitedHealth Group, its parent company, confirmed paying approximately $22 million in ransom. The attack disrupted prescription
In February 2024, Change Healthcare — the payment processor handling roughly one-third of all U.S. medical claims — was hit by the ALPHV/BlackCat ransomware group. The result: $872 million in direct costs reported by UnitedHealth Group, months of disrupted pharmacy operations, and the personal health data of over 100 million
In May 2024, Ticketmaster confirmed a breach that exposed the personal data of over 560 million customers. The attack vector? Stolen credentials used to access a third-party cloud database. It wasn't some exotic zero-day exploit. It was a login and password that fell into the wrong hands. If
In May 2023, the City of Dallas got hit with Royal ransomware. Police dispatch systems went down. Court services froze. Municipal operations ground to a halt for weeks. The city ultimately spent over $8.5 million on recovery. And here's the part that stings: Dallas had cybersecurity staff
The Breach That Nobody Reported for 72 Days In 2023, the SEC charged SolarWinds' CISO with fraud partly because the company allegedly downplayed the severity of a cyber incident and failed to disclose material risks. That case sent shockwaves through every boardroom in America. It proved something I'
When the Colonial Pipeline ransomware attack shut down fuel distribution across the U.S. East Coast in May 2021, millions of people suddenly needed to understand words like "ransomware," "threat actor," and "critical infrastructure." But most glossaries online read like they were written by
The Vocabulary Gap That Costs Millions In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a phone call to the help desk. The attacker didn't exploit a software flaw. They exploited a human who didn't fully understand what
