This tag addresses spoofing techniques used by attackers to impersonate trusted entities across email, phone calls, IP addresses, and websites. Articles explain how spoofing works technically, the risks it poses, and the detection and prevention methods available to individuals and security teams.
posts
The CEO Who Wired $47 Million to a Criminal In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after threat actors spoofed the CEO's email and instructed a finance employee to wire funds for a fake acquisition. The employee believed the request was legitimate. The
A CFO Wired $25 Million Because of a Spoofed Video Call In early 2024, a finance worker at a multinational firm in Hong Kong transferred $25.6 million after joining a video conference call where every other participant — including the company's CFO — was a deepfake. The threat actors
In March 2025, the FBI's Internet Crime Complaint Center reported that spoofing-related fraud accounted for billions in losses across American businesses and individuals. Every major data breach investigation I've worked on in the past five years started the same way — someone trusted something that wasn'
In August 2024, the FBI's Internet Crime Complaint Center warned that business email spoofing remained one of the top reported cybercrime vectors, with Business Email Compromise (BEC) losses exceeding $2.9 billion in 2023 alone. That number doesn't even capture the full picture — because spoofing extends
In March 2024, a finance employee at a Hong Kong multinational wired $25.6 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake — a sophisticated spoof that fooled a trained professional
In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attackers had spoofed not just an email address or
In March 2022, the FBI warned that business email compromise schemes — many of which rely heavily on spoofing — had caused over $43 billion in global losses since 2016. That's not a typo. Forty-three billion. And the most unsettling part? The attacks didn't require elite hacking skills.
A Single Spoof Email Cost This Company $121 Million In 2019, Toyota Boshoku Corporation disclosed that a subsidiary lost $37 million after an attacker used a spoofed email to impersonate a senior executive and authorize a fraudulent wire transfer. That wasn't an isolated case. Business email compromise (BEC)
In March 2022, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — a scheme built almost entirely on spoofing — cost victims over $2.4 billion in 2021 alone. That made it the single most financially devastating category of cybercrime they tracked. Not ransomware. Not cryptojacking. Spoofing-based
In July 2020, a seventeen-year-old in Florida used phone-based spoofing and social engineering to compromise internal Twitter tools, hijacking the verified accounts of Barack Obama, Elon Musk, Jeff Bezos, and Apple. The attackers impersonated IT staff during phone calls to Twitter employees, spoofing caller IDs to appear legitimate. Within hours,
