Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Security in Cloud Computing

Security in Cloud Computing: What Goes Wrong in 2025

The Breach That Started With a Single Misconfigured S3 Bucket In 2023, Toyota disclosed that the vehicle data of 2.15 million customers had been publicly accessible for over a decade — because a cloud database was set to public instead of private. No sophisticated threat actor. No zero-day exploit. Just

Carl B. Johnson Sep 27, 2025 7 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets People

A $37 Million Wire Transfer Started with One Email In 2024, a finance employee at a multinational firm joined what appeared to be a legitimate video call with the company's CFO. It was a deepfake. The attackers had spent weeks gathering intelligence — org charts, communication styles, ongoing projects

Carl B. Johnson Sep 22, 2025 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider socially engineered its way past the help desk with a single phone call. But the reconnaissance that made that call possible? It started with spear phishing — targeted research, crafted messaging, and a specific human

Carl B. Johnson Sep 22, 2025 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was a deepfake. The attackers never exploited a software vulnerability. They

Carl B. Johnson Sep 21, 2025 7 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In May 2024, a single employee at a major healthcare provider clicked a phishing link disguised as a routine benefits update. Within 72 hours, the organization lost access to 14 million patient records and ended up paying a multimillion-dollar ransom. The employee had technically "passed" their annual compliance

Carl B. Johnson Aug 17, 2025 8 min read