Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Business Email Compromise

Business Email Compromise: The $2.9B Threat in 2025

In December 2024, a finance employee at a multinational firm in Hong Kong wired $25 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The real CFO had never scheduled the meeting. This

Carl B. Johnson Sep 22, 2025 7 min read
Whaling Attacks

Whaling Attack Cybersecurity: How Execs Get Targeted

A Single Email Cost This Company $47 Million In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after attackers impersonated the CEO via email and convinced a finance employee to transfer funds for a fake acquisition. The CEO and CFO were both fired. The company's

Carl B. Johnson Sep 21, 2025 8 min read
Smishing Attack Examples

Smishing Attack Examples: 7 Real Texts That Steal Data

In March 2025, the FBI's IC3 warned that Americans lost over $470 million to phishing and smishing schemes in the prior reporting year — and text-based attacks were growing faster than any other vector. I've personally triaged incidents where a single SMS message led to a six-figure

Carl B. Johnson Sep 21, 2025 8 min read
Vishing Scam Awareness

Vishing Scam Awareness: Stop Voice Phishing Attacks

In March 2025, the FBI's Internet Crime Complaint Center reported that Americans lost over $12.5 billion to cybercrime in 2023 alone — and voice-based social engineering was one of the fastest-growing attack vectors. I've personally investigated cases where a single phone call cost an organization six

Carl B. Johnson Sep 21, 2025 6 min read
Social Engineering Attacks

Social Engineering Attacks: What Actually Works in 2025

In February 2025, a finance employee at a Hong Kong multinational wired $25 million to threat actors after a deepfake video call impersonating the company's CFO. That single incident captures the state of social engineering attacks right now: they're sophisticated, they exploit trust instead of technology,

Carl B. Johnson Sep 21, 2025 7 min read
Social Engineering Examples

Social Engineering Examples: 7 Real Attacks in 2025

In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced a technician to reset credentials. The result: an estimated $100 million in losses, a ransomware lockout across casino floors and hotel systems, and weeks of

Carl B. Johnson Sep 21, 2025 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was a deepfake. The attackers never exploited a software vulnerability. They

Carl B. Johnson Sep 21, 2025 7 min read