Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Smishing

FBI Warning on Smishing Texts: What You Must Do Now

10,000 Malicious Domains and Counting In early 2025, the FBI issued a stark public warning about a massive smishing campaign — fraudulent SMS text messages — targeting Americans across all 50 states. The FBI warning on smishing texts wasn't routine. It described a coordinated operation leveraging more than 10,

Carl B. Johnson Feb 28, 2020 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2026

In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call to their help desk. The total cost exceeded $100 million. The attacker didn't exploit a zero-day vulnerability or crack military-grade encryption. They impersonated an employee found

Carl B. Johnson Feb 27, 2020 6 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Beat Your Defenses

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider used a spear phishing phone call to trick a help desk employee into resetting credentials. One call. One employee. One hundred million dollars. That's not a bulk spam campaign — that's

Carl B. Johnson Feb 23, 2020 7 min read
AI Phishing Attacks

FBI Warns Gmail Users of AI-Driven Phishing Attacks

When the FBI Tells You to Pay Attention, Pay Attention In late 2024, the FBI issued a stark public service announcement warning that threat actors are leveraging generative AI to craft highly convincing phishing campaigns — and Gmail's 1.8 billion users sit squarely in the crosshairs. The FBI

Carl B. Johnson Feb 23, 2020 7 min read
Phishing Emails

How to Spot Phishing Emails Before They Cost You

In March 2024, a finance director at a mid-size manufacturer in Ohio received an email from what appeared to be the company CEO. The message asked for an urgent wire transfer to close a confidential acquisition. The email looked flawless — correct logo, matching font, even a convincing signature block. She

Carl B. Johnson Feb 16, 2020 7 min read
Phish Food

Phish Food: What Threat Actors Serve Your Employees

Your Inbox Is a Buffet — And Threat Actors Are Cooking In March 2023, the FBI's Internet Crime Complaint Center reported that phishing was the number one crime type by victim count for the fifth year running, with over 298,000 complaints in a single year. Every one of

Carl B. Johnson Feb 16, 2020 7 min read
What Is Phishing

What Is Phishing? A Security Pro's Real-World Guide

The Email That Cost One Company $121 Million In 2019, a Lithuanian man was sentenced to five years in prison for phishing Google and Facebook out of over $121 million. He sent fake invoices from a spoofed vendor email address. Employees at two of the most technically sophisticated companies on

Carl B. Johnson Jan 23, 2020 7 min read
Email Phishing Red Flags

Email Phishing Red Flags: 9 Signs You're Being Targeted

In March 2024, a finance employee at a UK-based engineering firm wired $25 million to threat actors after a deepfake video call. The attackers had spoofed the company's CFO — but the entire attack chain started with a single phishing email. That first message contained at least four classic

Carl B. Johnson Jan 19, 2020 7 min read
Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $25 Million In early 2024, an employee at engineering firm Arup joined a video call with what appeared to be the company's CFO and several colleagues. Every face on screen was a deepfake. The employee transferred $25 million across multiple transactions

Carl B. Johnson Jan 09, 2020 7 min read