Tag

Cybersecurity Awareness

Articles on cybersecurity awareness cover the foundational knowledge individuals and organizations need to recognize and respond to digital threats. Topics include safe browsing habits, password hygiene, social engineering tactics, and building a security-first culture across teams.

posts

Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

What a Phish Setlist Is — And Why Your Security Team Needs One In March 2024, a mid-size accounting firm lost $2.1 million after an employee clicked a single phishing email disguised as a DocuSign request during tax season. The firm had no phishing simulation program. No playbook. No plan.

Carl B. Johnson Oct 17, 2024 7 min read
Spoofing

Spoofing Attacks: How Hackers Impersonate You

In August 2024, the FBI's Internet Crime Complaint Center warned that business email spoofing remained one of the top reported cybercrime vectors, with Business Email Compromise (BEC) losses exceeding $2.9 billion in 2023 alone. That number doesn't even capture the full picture — because spoofing extends

Carl B. Johnson Oct 07, 2024 7 min read
Spoofing

Spoof Attacks: How Hackers Impersonate to Steal

In March 2024, a finance employee at a Hong Kong multinational wired $25.6 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake — a sophisticated spoof that fooled a trained professional

Carl B. Johnson Sep 18, 2024 7 min read
Phishing Email

Phishing Email Tactics in 2024: What Actually Works

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25.6 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started, like almost all of them

Carl B. Johnson Sep 18, 2024 8 min read
Spoofing

What Is Spoofing? The Attack Behind Most Breaches

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attackers had spoofed not just an email address or

Carl B. Johnson Aug 19, 2024 8 min read
Phishing Attack

Phishing Attack Anatomy: How Breaches Actually Start

In January 2024, a single phishing attack against Framework Computer exposed customer names, emails, and outstanding balances — all because one employee at an external accounting partner clicked a link in a convincing impersonation email. The attacker didn't hack a firewall. They didn't exploit a zero-day vulnerability.

Carl B. Johnson Jul 23, 2024 8 min read
Is It Legit

Removed App: Is It Legit or a Security Risk?

Every week, someone on my team flags a new app or service that employees are asking about. "Hey, is this legit?" It's the single most common security question I hear — and for good reason. The FTC reported over $10 billion in consumer fraud losses in 2023,

Carl B. Johnson Jul 23, 2024 6 min read
Security of Cyberspace

Security of Cyberspace: What Actually Works in 2024

A $12.5 Billion Problem Nobody Can Ignore The FBI's Internet Crime Complaint Center reported $12.5 billion in losses from cybercrime in 2023 — a 22% increase from the prior year. That number represents real money stolen from real organizations, many of whom believed they had adequate defenses.

Carl B. Johnson Jul 10, 2024 7 min read
IT Security

IT Security in 2024: What Actually Works Now

In March 2024, UnitedHealth Group's subsidiary Change Healthcare was hit by a ransomware attack that disrupted insurance claim processing for hospitals and pharmacies across the United States. The company reportedly paid a $22 million ransom. The attack vector? Stolen credentials used to access a remote system that lacked

Carl B. Johnson Jul 10, 2024 7 min read
Home Computer Security

How Can You Protect Your Home Computer in 2024

In February 2024, the FBI's Internet Crime Complaint Center reported that Americans lost over $12.5 billion to cybercrime in 2023 — a 22% increase from the year before. A staggering number of those complaints originated from personal devices. Not corporate servers. Not government networks. Home computers. So how

Carl B. Johnson May 13, 2024 6 min read