Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Phishing Awareness Program

Phishing Awareness Program: Build One That Works

The Click That Cost One Company $47 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a single social engineering phone call that led to credential theft. The resulting breach caused an estimated $100 million in damages. And it started with

Carl B. Johnson Jul 01, 2026 5 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

What a Phish Setlist Actually Means for Your Security Team When the band Phish takes the stage, they never play the same setlist twice. Every show is crafted for the audience. Your phishing simulation program should work the same way. A phish setlist — a curated, rotating collection of phishing attack

Carl B. Johnson Jun 28, 2026 5 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Steals Millions

The Phishing Email That Came From PayPal's Own Servers In late 2024, security researchers at Avanan documented a campaign where threat actors sent phishing invoices through PayPal's actual invoicing system — meaning the emails passed SPF, DKIM, and DMARC checks flawlessly. The same tactic has since merged

Carl B. Johnson Jun 24, 2026 5 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Scams Still Working

The Email That Cost One Company $121 Million In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $121 million from Google and Facebook using nothing more than fake invoices and spoofed email addresses. No zero-day exploits. No sophisticated malware. Just phishing emails that looked like they

Carl B. Johnson Jun 21, 2026 6 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Attacks

In 2023, a single phishing email cost MGM Resorts an estimated $100 million. The threat actor didn't exploit a zero-day vulnerability or deploy exotic malware. They called the help desk, impersonated an employee found on LinkedIn, and got a password reset. That's it. If you'

Carl B. Johnson Jun 19, 2026 5 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How Attackers Exploit Trust

A Legitimate Invoice From PayPal — That's Also a Scam In late 2024, security researchers at Avanan documented a campaign where threat actors sent real PayPal invoices to victims — not spoofed emails, not lookalike domains, but actual invoices generated through PayPal's own platform. The emails passed every

Carl B. Johnson Jun 09, 2026 5 min read