Explore in-depth articles about phishing attacks, including email phishing, spear phishing, smishing, and vishing. Learn how attackers craft deceptive messages, steal credentials, and compromise systems — and discover proven strategies to detect and block these threats.
posts
The Text Message That Cost One Company $15 Million In 2022, threat actors hit Twilio with an SMS-based social engineering attack that compromised employee credentials and exposed data for over 160 customers. The attack didn't involve a sophisticated zero-day exploit. It started with a text message pretending to
That "Unsubscribe" Link Just Installed Malware on Your Network In January 2024, a mid-size accounting firm in Ohio lost access to every client file it had. The entry point wasn't a sophisticated zero-day exploit. It was a single spam email disguised as a shipping notification from
In 2023, a single phishing email gave threat actors access to MGM Resorts' entire IT infrastructure. The attackers impersonated an employee on a help desk call — a technique they refined through information harvested from a phishing campaign. The result was over $100 million in losses and days of operational
In September 2022, a teenager allegedly convinced an Uber employee to hand over access credentials through a simple text message. No zero-day exploit. No sophisticated malware. Just a convincing story and a target who didn't verify the request. That single social engineering attack gave the threat actor access
A Single Email Cost This Company $100 Million In 2017, a Lithuanian man tricked Google and Facebook employees into wiring over $100 million to bank accounts he controlled. His weapon wasn't malware. It wasn't a zero-day exploit. It was email. He sent invoices that looked like
A Single Unpatched Laptop Cost One Hospital $3 Million In 2023, the U.S. Department of Health and Human Services settled with a healthcare provider after a ransomware attack that started on one employee's unpatched workstation. The machine hadn't been updated in over 90 days. That
Last year, a hospital administrator told me she ignored an alert about a credential stuffing attack because she didn't know what that phrase meant. Three days later, her organization was dealing with a ransomware incident that shut down patient scheduling for two weeks. The jargon gap in cybersecurity
During a breach investigation last year, I watched a CFO stare blankly at an incident response report and ask, "What's lateral movement? What does 'exfiltration' mean? Can someone just speak English?" That moment crystallized something I've known for two decades: the cybersecurity
AI-generated phishing emails are nearly indistinguishable from legitimate messages. Here is how to build a phishing awareness training program that gives employees the skills to spot them.
Modern phishing emails look exactly like the real thing. No typos, no suspicious attachments — just a convincing message designed to make you act without thinking. Here is how to spot them.
