Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
In March 2025, CISA and the FBI issued a joint advisory warning that the Medusa ransomware gang had compromised over 300 organizations across critical infrastructure sectors — healthcare, education, legal, insurance, and manufacturing. The attack vector in the vast majority of cases? Phishing. Not some exotic zero-day exploit. Not a nation-state
That Gmail Account Access Warning Might Be Real — Or It Might Be the Attack Itself In early 2024, a sophisticated phishing campaign targeted Gmail users with emails that looked exactly like legitimate Google security alerts. The messages warned of suspicious sign-in activity and directed users to a pixel-perfect fake login
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated category of fake email — caused adjusted losses exceeding $2.9 billion in a single year. That wasn't from exotic zero-day exploits. It was from emails that looked real but weren'
In 2024, MGM Resorts lost an estimated $100 million after a threat actor called a help desk, impersonated an employee, and gained access to internal systems. The initial vector? A social engineering call informed by information harvested through phishing. One phone call. One convincing story. Nine figures in damages. If
10,000 Malicious Domains and Counting In early 2025, the FBI issued a stark public warning about a massive smishing campaign — fraudulent SMS text messages — targeting Americans across all 50 states. The FBI warning on smishing texts wasn't routine. It described a coordinated operation leveraging more than 10,
They Don't Just Send One Email — They Run a Phish Tour In 2023, the FBI's IC3 received over 298,000 phishing complaints, making it the most reported cybercrime category for the fifth consecutive year. But here's the part that doesn't make the
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the single most reported cybercrime for the fifth consecutive year. Yet when I ask executives what phishing actually is, most give me a vague answer about "fake emails." That&
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider used a spear phishing phone call to trick a help desk employee into resetting credentials. One call. One employee. One hundred million dollars. That's not a bulk spam campaign — that's
When the FBI Tells You to Pay Attention, Pay Attention In late 2024, the FBI issued a stark public service announcement warning that threat actors are leveraging generative AI to craft highly convincing phishing campaigns — and Gmail's 1.8 billion users sit squarely in the crosshairs. The FBI
One Phishing Email Cost This Company $100 Million In 2019, a Lithuanian man named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than fraudulent invoices and carefully crafted phishing emails. He impersonated a legitimate hardware vendor, sent fake invoices to accounts payable
