Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Stolen Credentials Dark Web

Stolen Credentials Dark Web: How Your Logins Get Sold

In April 2021, researchers discovered a database of 533 million Facebook user records — names, phone numbers, email addresses — freely circulating on a dark web forum. That same month, a compilation of 3.2 billion email-password pairs called "COMB" surfaced, aggregated from years of breaches. Stolen credentials on the

Carl B. Johnson Sep 23, 2021 7 min read
Identity Theft Protection

Identity Theft Protection for Businesses: A Field Guide

In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise and identity theft schemes cost U.S. organizations over $4.2 billion in 2020 alone — making it the single most expensive category of cybercrime. That number isn't slowing down. If you run

Carl B. Johnson Sep 16, 2021 7 min read
Man in the Middle Attack

Man in the Middle Attack: How Hackers Steal Data

In January 2021, the FBI warned that cybercriminals were actively exploiting telecommuters by intercepting unencrypted network traffic — a textbook man in the middle attack. The shift to remote work didn't just expand the attack surface. It handed threat actors a golden opportunity to sit between employees and corporate

Carl B. Johnson Sep 03, 2021 7 min read
Phishing Awareness

How to Spot a Phishing Email Before It Costs You

In July 2021, a single phishing email gave attackers access to an employee's credentials at a Florida managed service provider, which cascaded into the massive Kaseya VSA ransomware attack affecting up to 1,500 businesses worldwide. One click. One employee who didn't know how to spot

Carl B. Johnson Aug 31, 2021 8 min read
Smishing

FBI Warning on Smishing Texts: How to Fight Back

16,000 Complaints and Counting: Why the FBI Is Sounding the Alarm In February 2021, the FBI's Internet Crime Complaint Center (IC3) began tracking a dramatic spike in smishing — phishing attacks delivered via SMS text messages. The FBI warning on smishing texts wasn't hypothetical. It came

Carl B. Johnson Aug 31, 2021 6 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

Every Great Attack Starts With a Setlist In July 2021, a single phishing email gave a threat actor access to credentials at a Florida IT management firm, triggering the Kaseya VSA ransomware attack that cascaded to over 1,500 businesses worldwide. One click. One employee. One email that someone didn&

Carl B. Johnson Aug 31, 2021 7 min read