Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Cyber Security

Cyber Security in 2021: What Actually Stops Breaches

Colonial Pipeline. JBS Foods. SolarWinds. The first half of 2021 has delivered a masterclass in what happens when cyber security fails at scale. Colonial paid $4.4 million in ransom. JBS paid $11 million. And the SolarWinds fallout — which compromised nine federal agencies and over 100 private companies — is still

Carl B. Johnson Jul 01, 2021 7 min read
IT Security

IT Security in 2021: What Most Organizations Get Wrong

Colonial Pipeline. SolarWinds. Microsoft Exchange. We're barely halfway through 2021 and the breach headlines are relentless. But here's what frustrates me most: the majority of these incidents didn't exploit exotic zero-day vulnerabilities. They exploited basic IT security gaps that organizations have known about for

Carl B. Johnson Jun 01, 2021 7 min read
Web Security Best Practices

Web Security Best Practices: 12 Steps That Actually Work

In March 2021, a single misconfigured web server at a major airline exposed 4.2 million passenger records. Names, email addresses, passport numbers — all sitting in an unprotected cloud bucket. The fix would have taken about fifteen minutes. The breach response cost millions and took months. That's the

Carl B. Johnson Jun 01, 2021 6 min read
Security in Cloud Computing

Security in Cloud Computing: What Goes Wrong First

In April 2021, a misconfigured cloud storage bucket at a major Android app developer exposed the personal data of over 100 million users. Names, emails, passwords, chat messages — all sitting in plain view because someone forgot to toggle a single setting. This wasn't an exotic zero-day exploit. It

Carl B. Johnson May 13, 2021 6 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets You Hacked

In 2020, Twitter lost control of 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — because a 17-year-old used spear phishing to trick a handful of Twitter employees into handing over internal credentials. The attackers didn't blast a million inboxes with a generic "Your account has

Carl B. Johnson May 04, 2021 6 min read
Email Phishing Red Flags

Email Phishing Red Flags: 9 Signs You're Being Targeted

One Employee Missed the Red Flags — It Cost $2.3 Million In December 2020, a mid-sized manufacturing company in Ohio wired $2.3 million to what they believed was a long-standing supplier. The invoice looked perfect. The email address was off by a single character. Nobody caught it until the

Carl B. Johnson Apr 16, 2021 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In 2020, a single spear phishing email sent to a Twitter employee gave attackers access to internal admin tools — and ultimately let them hijack verified accounts belonging to Barack Obama, Elon Musk, and Apple. The attackers walked away with over $100,000 in Bitcoin. That breach didn't start

Carl B. Johnson Apr 15, 2021 7 min read
Smishing Attacks

Smishing Attack Examples: Real Texts That Steal Data

In February 2021, the FBI warned that threat actors were sending fake text messages impersonating banks, delivery companies, and even state unemployment agencies — all designed to steal credentials and drain accounts. These weren't theoretical risks. The FBI's Internet Crime Complaint Center (IC3) reported over $54 million

Carl B. Johnson Apr 14, 2021 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In July 2020, a teenager convinced Twitter employees to hand over internal credentials through a phone-based social engineering attack. The result: hijacked accounts belonging to Barack Obama, Elon Musk, Joe Biden, and Apple — broadcasting a Bitcoin scam to hundreds of millions of followers. The attacker didn't exploit a

Carl B. Johnson Apr 12, 2021 7 min read
Pretexting Attacks

Pretexting Attack Examples: Real Scams That Bypass Security

In 2020, a teenager and two accomplices convinced a Twitter employee they were from the company's IT department. That single phone call gave them access to internal tools, which they used to hijack 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — netting over $100,

Carl B. Johnson Apr 12, 2021 7 min read