Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
In 2024, the FBI's Internet Crime Complaint Center received over 298,000 complaints related to phishing — making it the most reported cybercrime for the fifth consecutive year. Yet when I ask employees in training sessions to give me a phishing definition, most of them describe a Nigerian prince
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. I've spent years helping organizations respond to these attacks, and the pattern is always the same: someone clicks a link
In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider used a spear phishing phone call — a single, targeted social engineering attack against an IT help desk employee — to breach one of the largest casino operators on the planet. The attacker found the employee'
The FBI Warns Gmail Users of Sophisticated AI-Driven Phishing Attacks — And Most People Aren't Ready In late 2024, the FBI issued a stark public service announcement: threat actors are using generative AI to craft phishing emails so convincing that even seasoned IT professionals struggle to spot them. The
A Developer Nearly Lost Everything to a Fake Google Support Call In early 2025, a widely reported attack targeted Gmail users with a phone call that appeared to come from Google's actual support number. The caller — using AI-generated voice — told the victim their account had been compromised. They
Last year, a finance director at a mid-size logistics company wired $1.2 million to a threat actor who sent a single phishing email impersonating the CEO. The email contained no malware, no suspicious attachments, and no misspelled words. It simply asked for an urgent wire transfer, referenced a real
A Single Phishing Email Cost This Company $100 Million In 2024, the FBI's Internet Crime Complaint Center reported that phishing — often misspelled as "phising" — remained the most reported cybercrime category, with hundreds of thousands of complaints filed in a single year. But the raw numbers don&
The FBI Warning on Vishing and Smishing You Can't Afford to Ignore In early 2024, the FBI's Internet Crime Complaint Center (IC3) flagged a sharp escalation in vishing and smishing campaigns targeting businesses and individuals across the United States. The 2023 IC3 Annual Report documented over
The $4.88 Million Email That Looked Completely Normal In 2023, a finance employee at a midsize manufacturing firm received an email from what appeared to be the CEO. It referenced a real acquisition the company was working on. It used the CEO's actual email signature. The employee
Your Old AIM Email Address Is Still a Liability In December 2017, AOL officially shut down AIM — AOL Instant Messenger — ending a 20-year run that defined how an entire generation communicated online. But here's what most people don't realize: the credentials tied to AIM email accounts
