Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.
posts
In 2024, the FBI's Internet Crime Complaint Center received over 298,000 complaints related to phishing — making it the most reported cybercrime for the fifth consecutive year. Yet when I ask employees in training sessions to give me a phishing definition, most of them describe a Nigerian prince
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. I've spent years helping organizations respond to these attacks, and the pattern is always the same: someone clicks a link
A CFO, a Spoofed Email, and a $37 Million Wire Transfer In 2024, the FBI's Internet Crime Complaint Center (IC3) continued reporting staggering losses from business email compromise — a category where spoofing is the engine that makes the scam work. Threat actors forge sender addresses, manipulate caller IDs,
In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider used a spear phishing phone call — a single, targeted social engineering attack against an IT help desk employee — to breach one of the largest casino operators on the planet. The attacker found the employee'
The CEO Email That Cost a Company $47 Million In 2015, Ubiquiti Networks disclosed that attackers impersonating company executives via spoofed emails tricked employees into wiring $46.7 million to overseas accounts. The emails looked legitimate. The sender addresses appeared correct. No malware was involved. The entire attack hinged on
The FBI Warns Gmail Users of Sophisticated AI-Driven Phishing Attacks — And Most People Aren't Ready In late 2024, the FBI issued a stark public service announcement: threat actors are using generative AI to craft phishing emails so convincing that even seasoned IT professionals struggle to spot them. The
A Developer Nearly Lost Everything to a Fake Google Support Call In early 2025, a widely reported attack targeted Gmail users with a phone call that appeared to come from Google's actual support number. The caller — using AI-generated voice — told the victim their account had been compromised. They
Last year, a finance director at a mid-size logistics company wired $1.2 million to a threat actor who sent a single phishing email impersonating the CEO. The email contained no malware, no suspicious attachments, and no misspelled words. It simply asked for an urgent wire transfer, referenced a real
A Single Phishing Email Cost This Company $100 Million In 2024, the FBI's Internet Crime Complaint Center reported that phishing — often misspelled as "phising" — remained the most reported cybercrime category, with hundreds of thousands of complaints filed in a single year. But the raw numbers don&
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of fake mail — caused adjusted losses exceeding $2.9 billion. That single category of email fraud outpaced every other cybercrime type in financial damage. And those are just the cases that got
