Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Cybersecurity Policy for Employees

Cybersecurity Policy for Employees: A Practical Guide

In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They exploited a gap in employee policy — specifically, the identity verification process for password resets. A strong cybersecurity

Carl B. Johnson Jul 05, 2026 5 min read
Phishing Links

What Is a Phishing Link? How to Spot and Stop Them

Last year, a mid-size accounting firm in Ohio lost $1.2 million after a single employee clicked one link in a spoofed Microsoft 365 email. The link looked like a routine password-reset page. It wasn't. Within 90 minutes, a threat actor had harvested credentials, bypassed weak authentication, and

Carl B. Johnson Jun 28, 2026 5 min read
Security in Cloud Computing

Security in Cloud Computing: What Goes Wrong First

Capital One Lost 100 Million Records — The Cloud Wasn't the Problem In 2019, a former AWS employee exploited a misconfigured web application firewall and exfiltrated over 100 million Capital One customer records. The cloud infrastructure worked exactly as designed. The humans configuring it didn't. That breach

Carl B. Johnson Jun 27, 2026 5 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Steals Millions

The Phishing Email That Came From PayPal's Own Servers In late 2024, security researchers at Avanan documented a campaign where threat actors sent phishing invoices through PayPal's actual invoicing system — meaning the emails passed SPF, DKIM, and DMARC checks flawlessly. The same tactic has since merged

Carl B. Johnson Jun 24, 2026 5 min read