Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Credential Stuffing Attack

Credential Stuffing Attack: How to Stop It Cold

23 Billion Stolen Credentials Are Already For Sale In January 2023, cybersecurity researchers at Digital Shadows reported over 24.6 billion stolen username-and-password pairs circulating on dark web marketplaces. That's roughly three credentials for every person on Earth. And every single one of them is a loaded weapon

Carl B. Johnson Jun 06, 2023 7 min read
Smishing

FBI Warning on Smishing Texts: How to Protect Yourself

In early 2022, the FBI issued a stark warning: cybercriminals were registering over 10,000 malicious domains specifically designed to support SMS phishing — or "smishing" — campaigns targeting American consumers. These weren't sloppy, typo-filled messages from a decade ago. They were polished, urgent, and devastatingly effective. The

Carl B. Johnson Dec 18, 2022 6 min read
Phish Tour

Phish Tour: Simulated Attacks That Train Your Team

One Clicked Link Cost This Company Everything In September 2022, a single employee at Uber clicked a link in a social engineering attack. The threat actor, reportedly affiliated with Lapsus$, used that foothold to access internal systems, Slack channels, and cloud infrastructure. The breach made global headlines — not because Uber&

Carl B. Johnson Nov 21, 2022 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2022

Twilio, a company with a sophisticated security team and a tech-savvy workforce, got phished in August 2022. Attackers sent SMS messages to employees pretending to be the IT department, directing them to a fake login page. The result: compromised credentials, unauthorized access to customer data, and a breach that rippled

Carl B. Johnson Nov 21, 2022 6 min read
Spoofing

Spoofing Attacks: How Hackers Impersonate Your Trust

In March 2022, the FBI warned that business email compromise schemes — many of which rely heavily on spoofing — had caused over $43 billion in global losses since 2016. That's not a typo. Forty-three billion. And the most unsettling part? The attacks didn't require elite hacking skills.

Carl B. Johnson Oct 24, 2022 7 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Bypass Your Defenses

In March 2022, the threat actor group Lapsus$ breached Okta by spear phishing a single support engineer at a third-party contractor. That one compromised account gave the attackers a foothold that ultimately affected roughly 366 Okta customers. Not a mass email blast. Not a Nigerian prince scam. One carefully researched,

Carl B. Johnson Oct 24, 2022 7 min read
AI Phishing Attacks

FBI Warns Gmail Users of AI-Driven Phishing Attacks

The FBI Warns Gmail Users of Sophisticated AI-Driven Phishing Attacks — And Most People Aren't Ready Earlier this year, the FBI's Internet Crime Complaint Center (IC3) reported that phishing schemes — including business email compromise — accounted for over $2.7 billion in adjusted losses in 2021 alone. Now,

Carl B. Johnson Oct 24, 2022 7 min read