Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.
posts
The FBI Warns Gmail Users of Sophisticated AI-Driven Phishing Attacks — And Most People Aren't Ready In late 2024, the FBI issued a stark public service announcement: threat actors are using generative AI to craft phishing emails so convincing that even seasoned IT professionals struggle to spot them. The
A Developer Nearly Lost Everything to a Fake Google Support Call In early 2025, a widely reported attack targeted Gmail users with a phone call that appeared to come from Google's actual support number. The caller — using AI-generated voice — told the victim their account had been compromised. They
Last year, a finance director at a mid-size logistics company wired $1.2 million to a threat actor who sent a single phishing email impersonating the CEO. The email contained no malware, no suspicious attachments, and no misspelled words. It simply asked for an urgent wire transfer, referenced a real
A Single Phishing Email Cost This Company $100 Million In 2024, the FBI's Internet Crime Complaint Center reported that phishing — often misspelled as "phising" — remained the most reported cybercrime category, with hundreds of thousands of complaints filed in a single year. But the raw numbers don&
The FBI Warning on Vishing and Smishing You Can't Afford to Ignore In early 2024, the FBI's Internet Crime Complaint Center (IC3) flagged a sharp escalation in vishing and smishing campaigns targeting businesses and individuals across the United States. The 2023 IC3 Annual Report documented over
The $4.88 Million Email That Looked Completely Normal In 2023, a finance employee at a midsize manufacturing firm received an email from what appeared to be the CEO. It referenced a real acquisition the company was working on. It used the CEO's actual email signature. The employee
Your Old AIM Email Address Is Still a Liability In December 2017, AOL officially shut down AIM — AOL Instant Messenger — ending a 20-year run that defined how an entire generation communicated online. But here's what most people don't realize: the credentials tied to AIM email accounts
Your Inbox Is a Buffet — and Attackers Are Feeding In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call to their help desk. The cost? Over $100 million in losses. The attacker didn't exploit a zero-day
A Single Fake Email Cost This Company $37 Million In 2024, Japanese pharmaceutical giant Nikkei disclosed that a single employee wired approximately $29 million to a fraudulent account after receiving what appeared to be a legitimate email from a senior executive. They aren't alone. The FBI's
A Single FakeEmail Cost One Company $37 Million In 2024, Orion SA, a Luxembourg-based steel trading company, disclosed it lost approximately $60 million after an employee was tricked by a business email compromise scheme using fraudulent email communications. That same year, the FBI's IC3 received over 21,000
