Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Phishing Training for Employees

Phishing Training for Employees: A Practical Guide

In March 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. One employee. One convincing lure. Twenty-five million dollars gone. That's not a hypothetical — it'

Carl B. Johnson May 03, 2024 7 min read
Phishing Email Detection

How to Recognize a Phishing Email Before You Click

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors — all because of a phishing email that led to a deepfake video call. That incident made global headlines, but here's what didn't: the thousands of nearly identical

Carl B. Johnson May 03, 2024 7 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Breaches That Cost Millions

One Email Cost This Company $100 Million In 2019, Toyota Boshoku Corporation — a major Toyota parts supplier — lost $37 million after an employee wired funds to a fraudster posing as a legitimate business partner. That same year, Nikkei's American subsidiary lost $29 million to a nearly identical scheme.

Carl B. Johnson May 03, 2024 7 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Breaches

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. It started with a phishing email. Every catastrophic breach I've investigated over the past decade traces

Carl B. Johnson May 02, 2024 7 min read
Email Phishing Red Flags

Email Phishing Red Flags: 9 Signs You're Being Targeted

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after a deepfake video call that started with a single phishing email. The attackers spoofed the company's CFO — and the employee never questioned it. That wire transfer began

Carl B. Johnson May 02, 2024 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A Practical Guide

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after joining a video call where every other participant — including the company's CFO — was a deepfake. The attackers had spent weeks studying publicly available video of those executives,

Carl B. Johnson May 02, 2024 7 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

In January 2024, a single phishing email led to the breach of roughly 26 billion records in what researchers dubbed the "Mother of All Breaches" — a compilation leak aggregating data from LinkedIn, Twitter, Dropbox, and dozens of other platforms. That staggering number puts something into sharp focus: every

Carl B. Johnson May 02, 2024 7 min read
Business Email Compromise

Business Email Compromise: The $2.9B Threat in 2024

In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise accounted for $2.9 billion in adjusted losses — making it the single costliest category of cybercrime they track. Not ransomware. Not credit card fraud. Email scams where someone pretends to be your CEO, your vendor,

Carl B. Johnson May 02, 2024 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In January 2023, Reddit disclosed that an attacker had used a carefully crafted phishing email — targeting a specific employee with internal details about the company — to steal credentials and access internal systems. It wasn't a mass-blast scam. It was a precision strike. That's spear phishing in

Carl B. Johnson May 02, 2024 7 min read