Tag

Phishing Attacks

In-depth coverage of phishing attacks, including spear phishing, whaling, vishing, and smishing campaigns. Posts analyze attack methods, explore recent phishing trends, and provide defensive strategies that help organizations reduce their exposure to credential theft and data breaches.

posts

Phish Tour

Phish Tour: A Guided Tour Through Modern Phishing

Welcome to the Phish Tour Nobody Asked For In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call. The threat actor convinced a help desk employee to reset credentials. Total estimated cost: over $100 million. That attack didn&

Carl B. Johnson Apr 17, 2026 5 min read
Smishing

FBI Warning on Smishing Texts: What You Must Do Now

76,000 Victims and Counting — The FBI's Smishing Alert Is Serious In early 2024, the FBI and FTC issued urgent warnings about a massive smishing campaign impersonating toll collection agencies and delivery services across all 50 states. By late 2025, the IC3 had cataloged tens of thousands of

Carl B. Johnson Apr 13, 2026 5 min read
Social Engineering Examples

Social Engineering Examples That Fool Even Experts

The Phone Call That Cost MGM Resorts $100 Million In September 2023, a threat actor called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced the technician to reset credentials. That single phone call triggered a ransomware attack that disrupted operations across Las Vegas

Carl B. Johnson Apr 04, 2026 5 min read
Phishing Definition

Phishing Definition: What It Really Means in 2026

In May 2025, the FBI's Internet Crime Complaint Center reported that phishing was — for the ninth consecutive year — the most-reported cybercrime category, with over 300,000 complaints in a single year. That number only counts the people who bothered to report it. The real volume is staggering. Yet

Carl B. Johnson Jan 17, 2026 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started the same way nearly all of

Carl B. Johnson Dec 13, 2025 8 min read
Fake Mailer

Fake Mailer Attacks: How Threat Actors Spoof Email

In January 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — much of it powered by spoofed sender addresses — cost American organizations over $2.9 billion in 2023 alone. Behind a huge share of those losses sits a deceptively simple tool: the fake mailer. These

Carl B. Johnson Nov 06, 2025 6 min read
FBI Gmail Warning

FBI Gmail Warning: What You Need to Know in 2025

The FBI Gmail Alert That Should Have Changed How You Think About Email In late 2024, the FBI issued a stark warning: AI-driven phishing attacks targeting Gmail users had become so sophisticated that even technically savvy professionals were falling for them. The advisory wasn't hypothetical. It was based

Carl B. Johnson Nov 06, 2025 7 min read
Ransomware Examples

Ransomware Examples 2025: Real Attacks Shaping Defenses

Ransomware Isn't Slowing Down — It's Shapeshifting In February 2024, Change Healthcare suffered what became one of the most devastating ransomware attacks in U.S. history. The ALPHV/BlackCat ransomware group crippled the nation's largest health care payment processor, disrupting pharmacies, hospitals, and insurance claims

Carl B. Johnson Jul 19, 2025 7 min read
Phish Tour

Phish Tour: Walk Through a Real Phishing Attack

A Single Email Cost This Company $25 Million In early 2024, a finance worker at engineering firm Arup was tricked into transferring $25 million after a deepfake video call that started with one phishing email. That's not a hypothetical. That happened. And it began the same way nearly

Carl B. Johnson Oct 17, 2024 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to criminals after a video call with what appeared to be the company's CFO. Every person on that call was a deepfake. It started, like almost every attack of its kind, with

Carl B. Johnson Sep 11, 2024 7 min read