Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

In 2023, a single compromised file transfer tool — MOVEit — cascaded into breaches affecting over 2,600 organizations and roughly 90 million individuals. The threat actor, the Cl0p ransomware group, didn't need to hack each victim directly. They exploited one vendor, and the dominoes fell. That's third

Carl B. Johnson Jul 27, 2020 7 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: How Your Logins End Up for Sale

In May 2024, the FBI and international partners seized BreachForums — one of the largest marketplaces where stolen credentials on the dark web were bought and sold in bulk. The forum had facilitated the sale of billions of compromised records, including credentials tied to U.S. government agencies, healthcare organizations, and

Carl B. Johnson Jun 25, 2020 7 min read
Identity Theft Protection

Identity Theft Protection for Businesses: A 2026 Guide

The Breach That Started With a Single Stolen Identity In 2023, a midsize accounting firm in the Midwest lost access to its entire client database — not because of a sophisticated zero-day exploit, but because a threat actor used a partner's stolen credentials purchased on the dark web. The

Carl B. Johnson May 11, 2020 7 min read
Phishing Awareness

How to Spot a Phishing Email: 9 Red Flags to Catch

The Email That Cost One Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of phishing — accounted for over $2.9 billion in adjusted losses. That's not a typo. Billions. And it all starts with a

Carl B. Johnson Mar 04, 2020 7 min read
Smishing

FBI Warning on Smishing Texts: What You Must Do Now

10,000 Malicious Domains and Counting In early 2025, the FBI issued a stark public warning about a massive smishing campaign — fraudulent SMS text messages — targeting Americans across all 50 states. The FBI warning on smishing texts wasn't routine. It described a coordinated operation leveraging more than 10,

Carl B. Johnson Feb 28, 2020 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2026

In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call to their help desk. The total cost exceeded $100 million. The attacker didn't exploit a zero-day vulnerability or crack military-grade encryption. They impersonated an employee found

Carl B. Johnson Feb 27, 2020 6 min read