Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Cybersecurity Definition

Cybersecurity Definition: What It Really Means in 2026

In 2023, MGM Resorts lost roughly $100 million after a social engineering phone call — a single phone call — gave threat actors the foothold they needed to deploy ransomware across the company's entire infrastructure. If you Google "cybersecurity definition," you'll get a tidy textbook answer

Carl B. Johnson Jun 04, 2026 5 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Bypass Your Defenses

In January 2024, a finance employee at a multinational engineering firm in Hong Kong wired $25 million to threat actors after a video call with what appeared to be the company's CFO. The call was a deepfake. But the attack started weeks earlier — with a single spear phishing

Carl B. Johnson Jun 02, 2026 5 min read
Cybersecurity for Law Firms

Cybersecurity for Law Firms: A Practical Guide

In November 2023, the international law firm Allen & Overy confirmed it was hit by a LockBit ransomware attack. Weeks earlier, a midsize firm in the southeastern U.S. paid a seven-figure ransom after a threat actor encrypted every client file on its network — and the firm never made headlines

Carl B. Johnson May 29, 2026 5 min read
Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now #1 Target

Your Employees' Phones Are the Weakest Link In March 2024, MGM Resorts was still dealing with the fallout of a social engineering attack that started with a simple phone call. But here's what most people missed in the post-incident analysis: the reconnaissance that made that attack possible

Carl B. Johnson May 29, 2026 5 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, pretended to be an employee, and talked their way into a password reset. No malware. No zero-day exploit. Just a phone call and a convincing story. That single incident shut down slot machines,

Carl B. Johnson May 26, 2026 6 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: What Happens After a Breach

In June 2024, researchers at SpyCloud reported that over 17.3 billion credentials were circulating on underground marketplaces. That's not a theoretical number from a think tank. That's the real inventory of stolen credentials on the dark web — usernames, passwords, session tokens, and API keys — available

Carl B. Johnson May 25, 2026 5 min read
Phishing Links

What Is a Phishing Link? How to Spot One Fast

In March 2024, a single phishing link in a spoofed Microsoft 365 email gave attackers access to the email accounts of several U.S. State Department employees. The link looked like a routine password-reset page. It wasn't. That one click led to weeks of unauthorized access before anyone

Carl B. Johnson May 23, 2026 5 min read
Phishing Awareness

How to Recognize a Phishing Email Before You Click

The Email That Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million in a single business email compromise attack. A threat actor impersonated a senior executive, sent a convincing email, and an employee wired the funds. No malware. No zero-day exploit. Just one phishing email that

Carl B. Johnson May 22, 2026 6 min read