Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.
posts
In early 2024, a finance employee at a multinational firm in Hong Kong joined a video call with what appeared to be the company's CFO and several colleagues. Every person on the call was a deepfake. The employee transferred $25.6 million to threat actors before anyone realized
The Breach That Cost a Children's Charity Everything In 2023, Save the Children International confirmed it was hit by the BianLian ransomware group, which claimed to have stolen nearly 7 GB of data including financial records, personal information, and medical data. A global nonprofit with substantial resources still
A Single Misconfigured Bucket Cost Them Everything In 2023, Toyota disclosed that a cloud misconfiguration had exposed the vehicle location data of 2.15 million customers for over a decade. The root cause wasn't a sophisticated threat actor. It was a single storage bucket set to public instead
Your Employees Already Built a Second IT Department In 2023, a Gartner survey found that 41% of employees acquired, modified, or created technology outside of IT's visibility. By now, that number has only grown. If you're asking what is shadow IT, the short answer is this:
The Text Message That Cost a Company $15 Million In 2022, Twilio disclosed a breach that started with a simple SMS message. Employees received text messages impersonating the IT department, directing them to a fake login page. Several entered their credentials. That single vector — mobile phishing attacks delivered via text
The CEO Who Clicked the Link In 2024, the SEC charged SolarWinds' CISO with fraud and internal control failures tied to the massive breach that compromised federal agencies and Fortune 500 companies. That case sent shockwaves through every boardroom in America — not because of the technical details, but because
The SEC Changed Everything — Most Boards Still Haven't Caught Up In July 2023, the SEC adopted rules requiring public companies to disclose material cybersecurity incidents within four business days and to describe their board's oversight of cyber risk annually. Since then, I've reviewed dozens
The CEO Who Wired $47 Million to a Threat Actor In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after attackers impersonated the company's CEO via email and convinced an employee in the finance department to transfer funds for a fake acquisition project. The CEO
In January 2024, a massive dataset known as the "Mother of All Breaches" surfaced containing 26 billion records — credentials scraped, aggregated, and repackaged from hundreds of previous data breaches. Usernames. Passwords. Email addresses. All of it sitting on dark web forums, available to anyone willing to pay. If
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered the company's IT help desk with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They didn't brute-force a password. They just talked their way
