Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Fake Mail

Fake Mail: How to Spot It Before It Costs You

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported that phishing — including fake mail delivered via email, text, and voice — was the most reported cybercrime category for the fifth consecutive year, with over 298,000 complaints. And that only accounts for what gets reported. In my experience,

Carl B. Johnson Apr 12, 2026 5 min read
Securing Employee Mobile Devices

Securing Employee Mobile Devices: A Practical Guide

In 2023, a single employee's compromised personal phone gave threat actors a foothold into MGM Resorts' corporate network. The resulting breach cost the company over $100 million. The attack didn't start with some sophisticated zero-day exploit — it started with a social engineering call to the

Carl B. Johnson Apr 11, 2026 5 min read
Securing Employee Mobile Devices

Securing Employee Mobile Devices: A Practical Guide

In 2023, Verizon's Data Breach Investigations Report found that 74% of all breaches involved the human element — and mobile devices have become the primary attack surface for exploiting that weakness. I've watched organizations spend six figures on perimeter defenses while their employees check corporate email on

Carl B. Johnson Apr 07, 2026 6 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: Why It Works in 2026

In 2024, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to a help desk employee. The threat actor impersonated an employee, convinced IT staff to reset credentials, and within hours had access to critical systems. One conversation. No malware.

Carl B. Johnson Apr 03, 2026 5 min read
Cybersecurity for Financial Services

Cybersecurity for Financial Services: A 2026 Playbook

The Industry That Can't Afford a Single Mistake In November 2023, the SEC fined several financial advisory firms a combined total of nearly $750,000 for cybersecurity failures following credential theft incidents that exposed thousands of customer records. The firms had the basics — firewalls, antivirus — but lacked the

Carl B. Johnson Mar 29, 2026 5 min read
Smishing

FBI Warning on Smishing Texts: What You Must Do Now

In December 2025, the FBI issued a stark public warning: delete suspicious text messages immediately. The advisory specifically called out a wave of smishing texts — SMS-based phishing attacks — targeting Americans with fake toll road notices, package delivery scams, and fraudulent financial alerts. The bureau's Internet Crime Complaint Center

Carl B. Johnson Jan 18, 2026 7 min read
Phish Tour

Phish Tour: A Guided Walk Through Modern Attacks

Welcome to the Phish Tour Nobody Asked For In March 2025, a finance employee at a mid-size manufacturing firm received a Microsoft Teams message from someone impersonating the CFO. The message included a link to a SharePoint page that looked flawless. Within 90 seconds, the employee entered their credentials. Within

Carl B. Johnson Jan 18, 2026 7 min read