Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that attackers used carefully crafted emails impersonating company executives to trick finance employees into wiring $46.7 million to overseas accounts. The attackers didn't exploit a software vulnerability. They exploited trust. That's spear

Carl B. Johnson May 21, 2026 5 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

One Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider called the MGM Resorts help desk, impersonated an employee found on LinkedIn, and convinced IT staff to reset credentials. The result: ten days of operational chaos, encrypted systems, and an estimated $100 million in

Carl B. Johnson May 20, 2026 5 min read
Phishing Links

What Is a Phishing Link? How to Spot One Fast

In March 2024, a finance employee at a Hong Kong multinational wired $25 million to threat actors after clicking a single link in what appeared to be a routine email from the company's CFO. That link led to a deepfake video call — but it started with something deceptively

Carl B. Johnson May 18, 2026 6 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million in a single business email compromise attack. The attacker didn't blast out a million generic emails. They researched one finance executive, crafted one convincing message, and walked away with the money. That&

Carl B. Johnson May 17, 2026 5 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Attacks

In March 2024, a finance employee at a multinational firm wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. The attack started with a single phishing email. That one message opened the door to a loss most companies would never recover

Carl B. Johnson May 13, 2026 5 min read
Smishing Attacks

Smishing Attack Examples: Real Texts That Stole Millions

In 2023, the FBI's IC3 reported over $5.6 billion in losses from phishing and its variants — and smishing, the SMS-based cousin, drove a massive chunk of that number. I've watched smishing evolve from clumsy "you won a prize" texts into sophisticated, multi-step social

Carl B. Johnson May 10, 2026 5 min read
Cloud Storage Security Risks

Cloud Storage Security Risks: What's Actually Exposing You

A Single Misconfigured Bucket Exposed 3 Billion Records In 2021, Cognyte left an unsecured database containing over 5 billion records — scraped from previous breaches — sitting in a cloud storage instance with no authentication required. Anyone with a browser could reach it. That's not a sophisticated nation-state attack. That&

Carl B. Johnson May 09, 2026 5 min read
Fake Email

Fake Email: How to Spot One Before It Costs You

In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than a series of fake email messages. He impersonated a legitimate hardware vendor, sent invoices from a lookalike domain, and two of the most technologically sophisticated companies on

Carl B. Johnson May 06, 2026 5 min read
Phish Food

Phish Food: What Employees Click and Why It Works

Your Employees Are Hungry — And Threat Actors Are Cooking In 2023, the FBI's Internet Crime Complaint Center (IC3) logged over 298,000 phishing complaints — more than any other cybercrime category for the fifth year running. That's nearly 817 reported phishing attacks per day. And those are

Carl B. Johnson May 05, 2026 5 min read