Tag

Phish Setlist

A curated collection of real-world phishing examples and breakdowns that highlight current tactics used by attackers. Each entry dissects the anatomy of a phishing attempt so readers can recognize and avoid similar threats in their own inboxes.

posts

Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

What a Phish Setlist Actually Means for Your Security Team When the band Phish takes the stage, they never play the same setlist twice. Every show is crafted for the audience. Your phishing simulation program should work the same way. A phish setlist — a curated, rotating collection of phishing attack

Carl B. Johnson Jun 28, 2026 5 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

One Band's Name Became Cybersecurity's Favorite Metaphor In 2024, the FBI's IC3 report documented over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. And yet, most organizations still run phishing simulations like they're checking

Carl B. Johnson Jan 18, 2026 8 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

What a Phish Setlist Is — And Why Your Security Team Needs One In March 2024, a mid-size accounting firm lost $2.1 million after an employee clicked a single phishing email disguised as a DocuSign request during tax season. The firm had no phishing simulation program. No playbook. No plan.

Carl B. Johnson Oct 17, 2024 7 min read
Phishing Simulation

Phish Setlist for Security: Building Your Attack Plan

Why Every Security Team Needs a Phish Setlist In March 2022, Okta confirmed that the Lapsus$ threat actor group breached a third-party support engineer's account — and a big part of that attack chain started with social engineering. A single compromised credential. One phishing message that worked. That'

Carl B. Johnson Nov 21, 2022 7 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

Every Great Attack Starts With a Setlist In July 2021, a single phishing email gave a threat actor access to credentials at a Florida IT management firm, triggering the Kaseya VSA ransomware attack that cascaded to over 1,500 businesses worldwide. One click. One employee. One email that someone didn&

Carl B. Johnson Aug 31, 2021 7 min read
Phishing Scams

Phish Setlist Scams: How Attackers Exploit Fan Sites

Your Search for a Phish Setlist Could Land You on a Hacker's Hook Last summer, a colleague of mine — a die-hard Phish fan — searched for a phish setlist from a recent show at Madison Square Garden. He clicked what looked like a legitimate fan site. Within seconds, his

Carl B. Johnson Feb 28, 2020 7 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Playlist

Your Organization Needs a Phish Setlist — Not Just One Test In 2023, the FBI's IC3 received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. Yet most organizations I work with still run the same single phishing simulation once a

Carl B. Johnson Jun 23, 2019 6 min read