Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Cybersecurity

Cybersecurity in 2022: What Actually Works Now

The Breach That Should Have Changed Everything In March 2022, the Lapsus$ group breached Okta, Microsoft, Samsung, and Nvidia in rapid succession — not by deploying sophisticated zero-day exploits, but by buying stolen credentials, social engineering help desk employees, and exploiting MFA fatigue. A group reportedly led by teenagers embarrassed some

Carl B. Johnson Aug 23, 2022 7 min read
Web Security Best Practices

Web Security Best Practices That Actually Stop Breaches

In March 2022, the Lapsus$ group breached Okta by compromising a third-party support engineer's laptop — and suddenly, thousands of organizations realized their web security posture was only as strong as their weakest vendor's. That single incident forced a reckoning across the industry. If your organization runs

Carl B. Johnson Jul 30, 2022 7 min read
NIST Standards

NIST Standards: A Practical Guide to Real Security

In March 2022, the Verizon Data Breach Investigations Report team released preliminary findings showing that 82% of breaches involved the human element — phishing, stolen credentials, and social engineering. Meanwhile, most organizations I work with still treat NIST standards like a dusty compliance checkbox rather than what they actually are: a

Carl B. Johnson Jun 20, 2022 7 min read
Security in Cloud Computing

Security in Cloud Computing: What Actually Goes Wrong

In April 2022, researchers at Wiz discovered that Microsoft Azure's PostgreSQL Flexible Server had vulnerabilities allowing cross-account database access. They called it ExtraReplica, and it affected thousands of Azure databases. This wasn't a theoretical exercise — it was a real demonstration that security in cloud computing remains

Carl B. Johnson May 26, 2022 7 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Breaches That Cost Millions

In March 2022, Okta confirmed that the Lapsus$ threat actor group had compromised a support engineer's account — and the initial access vector was social engineering. One employee, one credential, and suddenly a company trusted by thousands of organizations was in the headlines. If you think phishing only targets

Carl B. Johnson May 25, 2022 7 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets People

In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — a form of spear phishing — caused $2.4 billion in adjusted losses in 2021 alone. That dwarfs every other cybercrime category. Meanwhile, broad phishing campaigns still top the list as the most common attack

Carl B. Johnson May 25, 2022 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — a direct descendant of spear phishing — cost organizations over $2.4 billion in 2021 alone. That number dwarfs ransomware losses. Yet most people I talk to still think phishing means a badly written email

Carl B. Johnson Apr 22, 2022 6 min read
Smishing Attacks

Smishing Attack Examples: Real Texts That Stole Millions

In February 2022, the FBI warned that Americans lost over $68 million to smishing and vishing scams in a single year — and that number only counted what victims actually reported to the FBI's IC3. The real figure is almost certainly multiples higher. I've spent the last

Carl B. Johnson Apr 22, 2022 8 min read