Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Smishing

FBI Warning on Smishing Texts: What You Must Do Now

10,000 Fake Domains and Counting In early 2024, the FBI issued a stark FBI warning on smishing texts targeting Americans in every state. The attack campaign involved over 10,000 newly registered domains impersonating toll collection agencies, delivery services, and government agencies. Victims received text messages claiming they owed

Carl B. Johnson Oct 17, 2024 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2024

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a video call with what appeared to be the company's CFO. It was a deepfake. The attack started with a single phishing email. If your phishing definition still

Carl B. Johnson Oct 17, 2024 7 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Beat Your Defenses

In January 2024, a finance employee at British engineering firm Arup joined a video call with what appeared to be the company's chief financial officer and several colleagues. Every face on the screen was a deepfake. The attackers had spent weeks researching the company's org chart,

Carl B. Johnson Sep 18, 2024 7 min read
AI Phishing Attacks

FBI Warns Gmail Users of AI-Driven Phishing Attacks

In May 2024, the FBI's Internet Crime Complaint Center (IC3) released its annual report showing over $12.5 billion in cybercrime losses for 2023 — with phishing and spoofing topping the list at nearly 300,000 complaints. Now, the FBI warns Gmail users of sophisticated AI-driven phishing attacks that

Carl B. Johnson Sep 18, 2024 7 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In January 2024, a finance employee at Arup — a multinational engineering firm — joined a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The employee transferred $25 million to accounts controlled by threat actors. The attack

Carl B. Johnson Sep 18, 2024 7 min read
Phish Food

Phish Food: What Threat Actors Serve Your Employees

In May 2024, the FBI's Internet Crime Complaint Center released data showing that phishing was still the number one reported cybercrime — for the fifth year running. Over 298,000 complaints in 2023 alone. Despite billions spent on email filters and endpoint protection, threat actors keep winning because the

Carl B. Johnson Sep 11, 2024 7 min read
Fake Emails

Fake Emails: How to Spot Them Before They Cost You

In June 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after receiving what appeared to be legitimate emails and even joining a deepfake video call with someone impersonating the company's CFO. The attack started with fake emails. Every single

Carl B. Johnson Sep 02, 2024 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

In January 2023, PayPal disclosed that threat actors had compromised nearly 35,000 user accounts through credential stuffing — not by breaking PayPal's systems, but by exploiting reused passwords harvested from other breaches. That incident made headlines, but it's the quieter, daily grind of PayPal phishing attacks

Carl B. Johnson Aug 19, 2024 6 min read