Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Social Engineering

How to Spot Social Engineering Before It Costs You

In January 2024, a finance employee at Arup — the engineering firm behind the Sydney Opera House — joined a video call with what appeared to be the company's CFO and several colleagues. Every face on the screen was a deepfake. By the time anyone realized what happened, the employee

Carl B. Johnson Jan 09, 2020 7 min read
Pretexting Attacks

Pretexting Attack Examples: Real Scams Costing Millions

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the company's IT help desk, impersonated an employee found on LinkedIn, and convinced a technician to reset credentials. The entire breach started with a phone call and a convincing story. That story — the fabricated

Carl B. Johnson Jan 09, 2020 7 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

One Click Cost This Company $36 Million In 2023, MGM Resorts lost an estimated $100 million after a threat actor socially engineered the company's help desk with a single phone call. The attacker impersonated an employee, convinced an IT worker to reset credentials, and from there pivoted through

Carl B. Johnson Dec 14, 2019 7 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training That Won't Cost You

In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They didn't write custom malware. They called IT support, impersonated an employee found on LinkedIn, and

Carl B. Johnson Nov 30, 2019 6 min read
Data Breach Response Plan

Data Breach Response Plan: Build One Before You Need It

The Breach Already Happened — Now What? In March 2023, Latitude Financial discovered a threat actor had accessed 14 million customer records — driver's license numbers, passport copies, financial statements. Their initial disclosure said 328,000 records. Within weeks, that number ballooned to 14 million. The company didn't

Carl B. Johnson Nov 26, 2019 7 min read
Work From Home Cybersecurity

Work From Home Cybersecurity: A Real-World Guide

In early 2024, a finance employee at a multinational firm in Hong Kong joined a video call with what appeared to be the company's CFO and several colleagues. Every person on the call was a deepfake. The employee transferred $25.6 million to threat actors before anyone realized

Carl B. Johnson Sep 28, 2019 7 min read
Cybersecurity for Nonprofits

Cybersecurity for Nonprofits: A Practical Defense Guide

The Breach That Cost a Children's Charity Everything In 2023, Save the Children International confirmed it was hit by the BianLian ransomware group, which claimed to have stolen nearly 7 GB of data including financial records, personal information, and medical data. A global nonprofit with substantial resources still

Carl B. Johnson Sep 10, 2019 6 min read
Cloud Storage Security Risks

Cloud Storage Security Risks Your Team Is Ignoring

A Single Misconfigured Bucket Cost Them Everything In 2023, Toyota disclosed that a cloud misconfiguration had exposed the vehicle location data of 2.15 million customers for over a decade. The root cause wasn't a sophisticated threat actor. It was a single storage bucket set to public instead

Carl B. Johnson Sep 10, 2019 7 min read
Shadow IT

What Is Shadow IT? The Hidden Risk You Can't Ignore

Your Employees Already Built a Second IT Department In 2023, a Gartner survey found that 41% of employees acquired, modified, or created technology outside of IT's visibility. By now, that number has only grown. If you're asking what is shadow IT, the short answer is this:

Carl B. Johnson Sep 08, 2019 7 min read