Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Phishing Email

Phishing Email Tactics in 2024: What Actually Works

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25.6 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started, like almost all of them

Carl B. Johnson Sep 18, 2024 8 min read
Phishing

Phishing Attacks in 2024: What Actually Works to Stop Them

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after a video call with what appeared to be the company's CFO. Every person on that call was a deepfake. The attack started the same way almost all of them do — with a

Carl B. Johnson Sep 18, 2024 7 min read
Phishing Scams

What Is a Phishing Scam? A Security Pro's Real Talk

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The whole operation started with a single phishing email.

Carl B. Johnson Sep 18, 2024 6 min read
Phish Food

Phish Food: What Threat Actors Serve Your Employees

In May 2024, the FBI's Internet Crime Complaint Center released data showing that phishing was still the number one reported cybercrime — for the fifth year running. Over 298,000 complaints in 2023 alone. Despite billions spent on email filters and endpoint protection, threat actors keep winning because the

Carl B. Johnson Sep 11, 2024 7 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Works

Earlier this year, security researchers documented a surge in phishing campaigns that abuse legitimate DocuSign and PayPal infrastructure to deliver convincing attack emails. The twist? These messages aren't spoofed — they're actually sent through real PayPal and DocuSign servers. That's why PayPal DocuSign phishing attacks

Carl B. Johnson Aug 01, 2024 7 min read
Phishing Attack

Phishing Attack Anatomy: How Breaches Actually Start

In January 2024, a single phishing attack against Framework Computer exposed customer names, emails, and outstanding balances — all because one employee at an external accounting partner clicked a link in a convincing impersonation email. The attacker didn't hack a firewall. They didn't exploit a zero-day vulnerability.

Carl B. Johnson Jul 23, 2024 8 min read
Phishing Scams

Phishing Scams: What Actually Works to Stop Them

In January 2024, a finance worker at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started with what every phishing scam starts

Carl B. Johnson Jul 23, 2024 8 min read
Phishing

Define Phishing: What It Really Looks Like in 2024

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25.6 million to criminals after attending a deepfake video call where every other "participant" — including the CFO — was an AI-generated impersonation. That single incident redefines what phishing looks like today. If you still

Carl B. Johnson Jul 16, 2024 7 min read
Phishing Psychology

How Phishing Emails Work: The Psychology Behind the Click

A Single Click Cost One Company $100 Million In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing but phishing emails. No zero-day exploits. No advanced malware. Just carefully crafted messages that exploited human psychology. If you want to

Carl B. Johnson May 03, 2024 8 min read
Phishing Training for Employees

Phishing Training for Employees: A Practical Guide

In March 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. One employee. One convincing lure. Twenty-five million dollars gone. That's not a hypothetical — it'

Carl B. Johnson May 03, 2024 7 min read