Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Phishing Email Detection

How to Recognize a Phishing Email Before You Click

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors — all because of a phishing email that led to a deepfake video call. That incident made global headlines, but here's what didn't: the thousands of nearly identical

Carl B. Johnson May 03, 2024 7 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Breaches That Cost Millions

One Email Cost This Company $100 Million In 2019, Toyota Boshoku Corporation — a major Toyota parts supplier — lost $37 million after an employee wired funds to a fraudster posing as a legitimate business partner. That same year, Nikkei's American subsidiary lost $29 million to a nearly identical scheme.

Carl B. Johnson May 03, 2024 7 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets You Hacked

In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. That attack didn't start with a mass spam blast. It started with a carefully researched, individually targeted spear phishing email.

Carl B. Johnson May 02, 2024 6 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Breaches

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. It started with a phishing email. Every catastrophic breach I've investigated over the past decade traces

Carl B. Johnson May 02, 2024 7 min read
Email Phishing Red Flags

Email Phishing Red Flags: 9 Signs You're Being Targeted

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after a deepfake video call that started with a single phishing email. The attackers spoofed the company's CFO — and the employee never questioned it. That wire transfer began

Carl B. Johnson May 02, 2024 7 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

In January 2024, a single phishing email led to the breach of roughly 26 billion records in what researchers dubbed the "Mother of All Breaches" — a compilation leak aggregating data from LinkedIn, Twitter, Dropbox, and dozens of other platforms. That staggering number puts something into sharp focus: every

Carl B. Johnson May 02, 2024 7 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the payment. No malware. No zero-day exploit. Just a well-trained employee who wasn't trained well enough. That incident

Carl B. Johnson Mar 24, 2024 7 min read
Security Awareness Training Program

Security Awareness Training Program: Build One That Works

In January 2024, Microsoft disclosed that a Russian threat actor group — Midnight Blizzard — had breached executive email accounts using a simple password spray attack against a legacy test account that lacked multi-factor authentication. One of the most technically sophisticated companies on the planet, compromised by one of the oldest tricks

Carl B. Johnson Mar 24, 2024 8 min read