Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

Vishing

FBI Warning on Vishing and Smishing: What to Do Now

The FBI Warning on Vishing and Smishing You Can't Afford to Ignore

In early 2024, the FBI's Internet Crime Complaint Center (IC3) flagged a sharp escalation in vishing and smishing campaigns targeting businesses and individuals across the United States. The 2023 IC3 Annual Report documented over

Carl B. Johnson Jun 12, 2019 7 min read

Phishing Scams

What Is a Phishing Scam? A Security Pro's Real Guide

The $4.88 Million Email That Looked Completely Normal

In 2023, a finance employee at a midsize manufacturing firm received an email from what appeared to be the CEO. It referenced a real acquisition the company was working on. It used the CEO's actual email signature. The employee

Carl B. Johnson Jun 12, 2019 7 min read

Phish Food

Phish Food: What Threat Actors Serve Your Employees

Your Inbox Is a Buffet — and Attackers Are Feeding

In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call to their help desk. The cost? Over $100 million in losses. The attacker didn't exploit a zero-day

Carl B. Johnson Apr 05, 2019 7 min read

Fake Emails

Fake Emails: How to Spot Them Before They Cost You

A Single Fake Email Cost This Company $37 Million

In 2024, Japanese pharmaceutical giant Nikkei disclosed that a single employee wired approximately $29 million to a fraudulent account after receiving what appeared to be a legitimate email from a senior executive. They aren't alone. The FBI's

Carl B. Johnson Apr 05, 2019 7 min read

FakeEmail

FakeEmail Attacks: How Spoofed Messages Breach Networks

A Single FakeEmail Cost One Company $37 Million

In 2024, Orion SA, a Luxembourg-based steel trading company, disclosed it lost approximately $60 million after an employee was tricked by a business email compromise scheme using fraudulent email communications. That same year, the FBI's IC3 received over 21,000

Carl B. Johnson Apr 05, 2019 7 min read

PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

A Single PayPal Email Cost One Business Owner $68,000

I got the call on a Tuesday morning. A small business owner in Ohio had received what looked like a routine PayPal dispute notification. She clicked the link, entered her credentials, and within four hours, a threat actor had drained

Carl B. Johnson Apr 05, 2019 8 min read

Spoofing Caller

Spoofing Caller Attacks: How to Detect and Stop Them

The Phone Call That Cost One Company $23.5 Million

In 2024, a finance executive at a multinational firm in Hong Kong joined a video call with what appeared to be the company's CFO and several colleagues. Every face on screen was a deepfake. The voice on the

Carl B. Johnson Apr 01, 2019 7 min read

Phishing Links

What Is a Phishing Link? How to Spot and Stop Them

Last year, a finance director at a mid-sized logistics company clicked a link in what looked like a DocuSign notification. Fourteen seconds later, a threat actor had her Microsoft 365 credentials. Within two hours, the attacker had redirected a $380,000 wire transfer to an overseas account. The link she

Carl B. Johnson Apr 01, 2019 7 min read