Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.
posts
In 2023, a single employee's compromised personal phone gave threat actors a foothold into MGM Resorts' corporate network. The resulting breach cost the company over $100 million. The attack didn't start with some sophisticated zero-day exploit — it started with a social engineering call to the
The Hiring Manager Doesn't Care Where You Studied I've reviewed hundreds of resumes for security analyst and incident response roles over the years. Here's what surprises most people: an online computer security degree carries the same weight as one earned on a physical campus
In 2023, Verizon's Data Breach Investigations Report found that 74% of all breaches involved the human element — and mobile devices have become the primary attack surface for exploiting that weakness. I've watched organizations spend six figures on perimeter defenses while their employees check corporate email on
In 2024, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to a help desk employee. The threat actor impersonated an employee, convinced IT staff to reset credentials, and within hours had access to critical systems. One conversation. No malware.
In 2023, a single compromised employee phone at MGM Resorts International led to a social engineering attack that cost the company over $100 million in losses. The threat actors didn't hack a firewall or exploit a zero-day. They called the help desk. That incident is a masterclass in
The Industry That Can't Afford a Single Mistake In November 2023, the SEC fined several financial advisory firms a combined total of nearly $750,000 for cybersecurity failures following credential theft incidents that exposed thousands of customer records. The firms had the basics — firewalls, antivirus — but lacked the
In April 2021, researchers discovered a database of 533 million Facebook user records — names, phone numbers, email addresses — freely circulating on a dark web forum. That same month, a compilation of 3.2 billion email-password pairs called "COMB" surfaced, aggregated from years of breaches. Stolen credentials on the
In January 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — a form of account takeover — cost victims over $1.8 billion in 2020 alone. That made it the costliest category of cybercrime by a wide margin. Not ransomware. Not credit card fraud. Account takeover.
In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise and identity theft schemes cost U.S. organizations over $4.2 billion in 2020 alone — making it the single most expensive category of cybercrime. That number isn't slowing down. If you run
In January 2021, the FBI warned that cybercriminals were actively exploiting telecommuters by intercepting unencrypted network traffic — a textbook man in the middle attack. The shift to remote work didn't just expand the attack surface. It handed threat actors a golden opportunity to sit between employees and corporate
