Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In January 2023, Reddit disclosed that an attacker had used a carefully crafted phishing email — targeting a specific employee with internal details about the company — to steal credentials and access internal systems. It wasn't a mass-blast scam. It was a precision strike. That's spear phishing in

Carl B. Johnson May 02, 2024 7 min read
Vishing Scam Awareness

Vishing Scam Awareness: Stop Voice Phishing Attacks

The Phone Call That Cost One Company $25 Million In early 2024, a finance worker at engineering firm Arup was tricked into transferring $25 million after receiving a video call that appeared to include the company's CFO and other colleagues — all deepfake recreations. The attack started with a

Carl B. Johnson Apr 08, 2024 7 min read
Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $25 Million In early 2024, an employee at British engineering firm Arup joined a video call with what appeared to be the company's chief financial officer and several colleagues. Every face on the screen was a deepfake. The employee, convinced by

Carl B. Johnson Apr 08, 2024 7 min read
Social Engineering Examples

Social Engineering Examples: 7 Real Attacks That Worked

In September 2023, a teenager used a phone call to trick an MGM Resorts employee into resetting credentials. That single social engineering attack cost MGM an estimated $100 million. No malware exploit. No zero-day vulnerability. Just a convincing voice on the other end of a help desk line. If you

Carl B. Johnson Apr 08, 2024 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call where every other participant — including the CFO — was a deepfake. The attackers had studied publicly available footage, cloned voices and faces, and orchestrated an elaborate social engineering attack that

Carl B. Johnson Apr 07, 2024 7 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the payment. No malware. No zero-day exploit. Just a well-trained employee who wasn't trained well enough. That incident

Carl B. Johnson Mar 24, 2024 7 min read
Cybersecurity Awareness Month

Cybersecurity Awareness Month: What Actually Works

October Ends. The Phishing Emails Don't. Every October, organizations plaster break rooms with cybersecurity posters, blast out a few reminder emails, and call it a win. Then November rolls around, and the same employees click the same malicious links. I've watched this cycle repeat for over

Carl B. Johnson Feb 28, 2024 7 min read