Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Phish Tour

Phish Tour: Walk Through a Real Phishing Attack

A Single Email Cost This Company $25 Million In early 2024, a finance worker at engineering firm Arup was tricked into transferring $25 million after a deepfake video call that started with one phishing email. That's not a hypothetical. That happened. And it began the same way nearly

Carl B. Johnson Oct 17, 2024 7 min read
Phishing

Definition of a Phishing Attack: What It Really Looks Like

In March 2024, a finance employee at a Hong Kong-based multinational wired $25.6 million to threat actors after a video call with what appeared to be the company's CFO. It was a deepfake. But the attack started the same way almost every phishing attack starts — with a

Carl B. Johnson Oct 17, 2024 7 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Beat Your Defenses

In January 2024, a finance employee at British engineering firm Arup joined a video call with what appeared to be the company's chief financial officer and several colleagues. Every face on the screen was a deepfake. The attackers had spent weeks researching the company's org chart,

Carl B. Johnson Sep 18, 2024 7 min read
AI Phishing Attacks

FBI Warns Gmail Users of AI-Driven Phishing Attacks

In May 2024, the FBI's Internet Crime Complaint Center (IC3) released its annual report showing over $12.5 billion in cybercrime losses for 2023 — with phishing and spoofing topping the list at nearly 300,000 complaints. Now, the FBI warns Gmail users of sophisticated AI-driven phishing attacks that

Carl B. Johnson Sep 18, 2024 7 min read
Gmail Phishing Attacks

Gmail Sophisticated Attacks: FBI Phishing Warnings for 2024

In May 2024, the FBI's Internet Crime Complaint Center reported that phishing — including sophisticated attacks targeting Gmail users — remained the number one reported cybercrime for the third year running. Over 298,000 phishing complaints landed at IC3 in 2023 alone, and 2024 is tracking even higher. The Gmail

Carl B. Johnson Sep 18, 2024 6 min read
Phishing Email

Phishing Email Tactics in 2024: What Actually Works

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25.6 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started, like almost all of them

Carl B. Johnson Sep 18, 2024 8 min read
Phishing

Phishing Attacks in 2024: What Actually Works to Stop Them

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after a video call with what appeared to be the company's CFO. Every person on that call was a deepfake. The attack started the same way almost all of them do — with a

Carl B. Johnson Sep 18, 2024 7 min read
Phishing Scams

What Is a Phishing Scam? A Security Pro's Real Talk

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The whole operation started with a single phishing email.

Carl B. Johnson Sep 18, 2024 6 min read
Phishing Emails

How to Spot Phishing Emails: A Practical Guide

The Email That Cost One Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated cousin of phishing — accounted for over $2.9 billion in adjusted losses in 2023 alone. That's not a typo. And those are just

Carl B. Johnson Sep 11, 2024 8 min read