Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Stolen Credentials Dark Web

Stolen Credentials Dark Web: What You Must Know in 2025

Your Employees' Passwords Are Probably Already for Sale In January 2024, researchers discovered a file called "Naz.API" circulating on dark web forums containing over 71 million unique email addresses paired with plaintext passwords — many harvested by credential-stealing malware. That's not a hypothetical. That'

Carl B. Johnson Feb 28, 2025 7 min read
Trojan Horse Malware

Trojan Horse Malware: How It Gets In and How to Stop It

In September 2023, MGM Resorts watched helplessly as its systems went dark — slot machines frozen, hotel check-ins offline, operations paralyzed for ten days. The estimated cost exceeded $100 million. The attack vector? Social engineering that led to credential theft, which opened the door for malware deployment across the enterprise. That&

Carl B. Johnson Dec 19, 2024 7 min read
Man in the Middle Attack

Man in the Middle Attack: How Hackers Steal Data

In January 2024, security researchers at Sekoia documented a massive adversary-in-the-middle campaign that used phishing kits to intercept Microsoft 365 credentials and session tokens in real time — bypassing multi-factor authentication entirely. The attack wasn't theoretical. It hit thousands of organizations across multiple industries. And it reminded every security

Carl B. Johnson Dec 19, 2024 8 min read
Phishing Awareness

How to Spot a Phishing Email Before It Costs You

In January 2024, a finance employee at a multinational firm in Hong Kong joined what appeared to be a routine video call with the company's CFO. Everything looked normal — the CFO's face, voice, and mannerisms were all spot-on. The employee followed instructions and wired $25 million

Carl B. Johnson Dec 10, 2024 7 min read
Phish

Phish: Why One Click Still Causes Million-Dollar Breaches

In January 2024, a finance employee at engineering firm Arup received an email inviting them to a video call with the company's CFO. Everything looked legitimate — the email, the meeting link, even the faces on the screen. It was all a deepfake-powered phish. That single interaction cost Arup

Carl B. Johnson Nov 07, 2024 7 min read