Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

Gmail Phishing Attacks

Gmail Sophisticated Attacks: FBI Phishing Warnings in 2021

In March 2021, Google disclosed that it blocks more than 100 million phishing emails daily — and Gmail remains the single largest target for sophisticated credential theft campaigns worldwide. The FBI's Internet Crime Complaint Center (IC3) reported that phishing was the number one crime type by victim count in

Carl B. Johnson Aug 24, 2021 7 min read
Phishing

Phishing Attacks in 2021: What Actually Works to Stop Them

36% of All Breaches Start With a Phishing Email

The 2021 Verizon Data Breach Investigations Report made something painfully clear: phishing was involved in 36% of all confirmed data breaches — up from 25% the year before. That's not a trend. That's an escalation. And if your

Carl B. Johnson Aug 18, 2021 7 min read
Fake Mail

Fake Mail: How to Spot and Stop Phishing Attacks

91% of Cyberattacks Start With Fake Mail

That's not a guess. The Verizon 2021 Data Breach Investigations Report confirmed that phishing was present in 36% of breaches — up from 25% the year before. And when you broaden the lens to include all forms of social engineering delivered through

Carl B. Johnson Aug 18, 2021 7 min read
Vishing

FBI Warning on Vishing and Smishing: What to Do Now

In January 2020, the FBI and CISA issued a joint advisory warning organizations about a wave of vishing attacks targeting remote workers. By mid-2021, the problem has only gotten worse. The FBI's Internet Crime Complaint Center (IC3) reported over 240,000 phishing, vishing, and smishing complaints in 2020

Carl B. Johnson Aug 18, 2021 7 min read
Phishing Scams

What Is a Phishing Scam? Anatomy of the #1 Cyber Threat

In July 2021, a single phishing email gave attackers access to an employee's credentials at a Florida-based managed service provider, ultimately cascading into the massive Kaseya VSA supply-chain ransomware attack that hit over 1,500 businesses worldwide. One email. One click. Billions in damages. If you've

Carl B. Johnson Aug 18, 2021 7 min read
Fake Emails

Fake Emails: How to Spot Them Before They Cost You

In March 2021, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — the sophisticated cousin of fake emails — caused over $1.8 billion in losses during 2020 alone. That made it the costliest category of cybercrime they tracked. Not ransomware. Not credit card fraud. Fake emails

Carl B. Johnson Aug 15, 2021 7 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Breach Networks

The FakeEmail That Cost One Company $75 Million

In 2020, the FBI's Internet Crime Complaint Center reported that business email compromise — attacks built on fakeemail techniques — generated over $1.8 billion in losses in a single year. That made it the costliest category of cybercrime, beating ransomware by

Carl B. Johnson Aug 15, 2021 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

In January 2021, a wave of PayPal phishing attacks hit inboxes so convincingly that even security-savvy professionals did a double take. The emails replicated PayPal's branding pixel-for-pixel, warned of "unusual activity" on the recipient's account, and linked to a login page hosted on a

Carl B. Johnson Aug 15, 2021 7 min read
Spoofing Caller

Spoofing Caller Attacks: How Hackers Weaponize Your Phone

In March 2021, the FBI's Internet Crime Complaint Center reported that Americans lost over $54 million to phone spoofing and vishing schemes in the previous year alone. That number was climbing. And it wasn't just grandparents falling for "IRS" calls — it was finance directors

Carl B. Johnson Aug 08, 2021 7 min read
Spoofing

What Is Spoofing? The Attack Behind Most Breaches

In July 2020, attackers spoofed internal Twitter tools to hijack 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and ran a Bitcoin scam that netted over $100,000 in hours. The attack didn't rely on some exotic zero-day exploit. It relied on spoofing: making something fake

Carl B. Johnson Aug 08, 2021 7 min read