Explore in-depth articles about phishing attacks, including email phishing, spear phishing, smishing, and vishing. Learn how attackers craft deceptive messages, steal credentials, and compromise systems — and discover proven strategies to detect and block these threats.
posts
A hospital employee clicked a link in what looked like a routine password reset email. Within 72 hours, CommonSpirit Health — one of the largest U.S. health systems — was battling a ransomware attack that disrupted operations at over 140 facilities. The investigation report cited "lack of basic security awareness&
In 2022, the FBI's Internet Crime Complaint Center received over 800,000 complaints totaling losses exceeding $10.3 billion — a 49% increase over 2021. When I talk to the people behind those numbers, a pattern emerges fast: they didn't understand what was happening to them because
In February 2023, the U.S. Marshals Service confirmed a major ransomware attack that compromised sensitive law enforcement data — including personally identifiable information and internal legal documents. A federal agency with dedicated security staff and government-grade infrastructure still got hit. If you're running a business without those resources,
In 2022, the FBI's Internet Crime Complaint Center (IC3) received over 800,000 complaints with losses exceeding $10.3 billion — and malware was the engine behind a staggering number of those incidents. I've spent years watching organizations get blindsided not because they lacked firewalls, but because
In April 2018, attackers hijacked the DNS servers used by MyEtherWallet and redirected users to a phishing site hosted in Russia. The entire attack lasted roughly two hours. In that window, victims lost around $17 million in cryptocurrency — simply because their browsers resolved a legitimate domain name to a malicious
In March 2022, the Lapsus$ threat actor group breached Okta — a company literally in the business of identity security — by compromising a single employee through a social engineering campaign that started with phishing. If it can happen to an identity provider securing thousands of enterprises, it can happen to your
A Single Email Cost This Company $121 Million In 2017, a Lithuanian man orchestrated a phishing scheme that tricked both Google and Facebook into wiring him over $121 million combined. He sent fake invoices from a spoofed email address impersonating a legitimate hardware vendor. Employees at two of the most
A Single Phish Cost Twilio 163 Million User Records In August 2022, Twilio — a company that powers authentication for thousands of apps — confirmed that attackers used SMS-based phishing to compromise employee credentials. That single phish gave threat actors access to data from 163 customer accounts, which cascaded into a breach
In March 2022, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — attacks built on a single convincing fake email — caused $2.4 billion in adjusted losses in 2021 alone. That made it the most financially devastating cybercrime category in the entire FBI IC3 annual report.
Twilio disclosed in August that a phishing campaign tricked its employees into handing over credentials via SMS, exposing data tied to over 130 organizations — including Signal users. A few weeks later, Uber suffered a breach when an attacker used social engineering to fatigue an employee with multi-factor authentication push requests
