Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now Target #1

The Text Message That Cost a Company $15 Million In 2022, Twilio disclosed a breach that started with a simple SMS message. Employees received text messages impersonating the IT department, directing them to a fake login page. Several entered their credentials. That single vector — mobile phishing attacks delivered via text

Carl B. Johnson Sep 08, 2019 7 min read
Cybersecurity for Executives

Cybersecurity for Executives: What the C-Suite Gets Wrong

The CEO Who Clicked the Link In 2024, the SEC charged SolarWinds' CISO with fraud and internal control failures tied to the massive breach that compromised federal agencies and Fortune 500 companies. That case sent shockwaves through every boardroom in America — not because of the technical details, but because

Carl B. Johnson Aug 20, 2019 7 min read
Board-Level Cybersecurity Awareness

Board-Level Cybersecurity Awareness: A 2026 Guide

The SEC Changed Everything — Most Boards Still Haven't Caught Up In July 2023, the SEC adopted rules requiring public companies to disclose material cybersecurity incidents within four business days and to describe their board's oversight of cyber risk annually. Since then, I've reviewed dozens

Carl B. Johnson Aug 20, 2019 7 min read
Executive Phishing Attacks

Executive Phishing Attacks: Why the C-Suite Is Target #1

The CEO Who Wired $47 Million to a Threat Actor In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after attackers impersonated the company's CEO via email and convinced an employee in the finance department to transfer funds for a fake acquisition project. The CEO

Carl B. Johnson Aug 14, 2019 7 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: Where Your Passwords End Up

In January 2024, a massive dataset known as the "Mother of All Breaches" surfaced containing 26 billion records — credentials scraped, aggregated, and repackaged from hundreds of previous data breaches. Usernames. Passwords. Email addresses. All of it sitting on dark web forums, available to anyone willing to pay. If

Carl B. Johnson Jul 25, 2019 7 min read
Phish

How to Phish Your Own Employees Before Hackers Do

A Single Phish Email Cost One Company $37 Million In 2024, Orion SA disclosed that a single employee fell for a business email compromise scheme and wired approximately $60 million to a threat actor's accounts. The company recovered some funds, but the net loss still exceeded $37 million.

Carl B. Johnson Jul 04, 2019 6 min read
Phish Tour

Phish Tour: How Attackers Rotate Tactics to Hook You

In early 2024, researchers at Proofpoint documented a campaign where a single threat actor group rotated through at least six distinct phishing lure templates in under three weeks — targeting financial services, healthcare, and education sectors in sequence. Security teams that recognized the first lure missed the second. Those who caught

Carl B. Johnson Jun 23, 2019 6 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Bypass Your Defenses

In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider used a spear phishing phone call — a single, targeted social engineering attack against an IT help desk employee — to breach one of the largest casino operators on the planet. The attacker found the employee'

Carl B. Johnson Jun 18, 2019 7 min read