Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Phishing

How to Spot a Phishing Email: 9 Red Flags That Matter

In March 2022, the Lapsus$ threat actor group breached Okta — a company literally in the business of identity security — by compromising a single employee through a social engineering campaign that started with phishing. If it can happen to an identity provider securing thousands of enterprises, it can happen to your

Carl B. Johnson Jan 09, 2023 8 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

A Single Email Cost This Company $121 Million In 2017, a Lithuanian man orchestrated a phishing scheme that tricked both Google and Facebook into wiring him over $121 million combined. He sent fake invoices from a spoofed email address impersonating a legitimate hardware vendor. Employees at two of the most

Carl B. Johnson Dec 25, 2022 7 min read
Medusa Ransomware

Medusa Ransomware Gang Phishing Campaigns Explained

A Ransomware Gang That Starts With Your Inbox In 2022, the Medusa ransomware gang emerged as one of the most aggressive threat actors targeting organizations through phishing campaigns. They don't kick down the front door — they walk through it with stolen credentials, harvested from carefully crafted phishing emails

Carl B. Johnson Dec 25, 2022 6 min read
Phishing

Phish: Why Employees Still Take the Bait in 2022

A Single Phish Cost Twilio 163 Million User Records In August 2022, Twilio — a company that powers authentication for thousands of apps — confirmed that attackers used SMS-based phishing to compromise employee credentials. That single phish gave threat actors access to data from 163 customer accounts, which cascaded into a breach

Carl B. Johnson Dec 25, 2022 6 min read
Fake Email

Fake Email: How to Spot It Before It Costs You

In March 2022, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — attacks built on a single convincing fake email — caused $2.4 billion in adjusted losses in 2021 alone. That made it the most financially devastating cybercrime category in the entire FBI IC3 annual report.

Carl B. Johnson Dec 25, 2022 6 min read
Phishing

Phishing in 2022: What Actually Works to Stop It

Twilio disclosed in August that a phishing campaign tricked its employees into handing over credentials via SMS, exposing data tied to over 130 organizations — including Signal users. A few weeks later, Uber suffered a breach when an attacker used social engineering to fatigue an employee with multi-factor authentication push requests

Carl B. Johnson Dec 18, 2022 6 min read
Phishing Simulation

Phish Setlist for Security: Building Your Attack Plan

Why Every Security Team Needs a Phish Setlist In March 2022, Okta confirmed that the Lapsus$ threat actor group breached a third-party support engineer's account — and a big part of that attack chain started with social engineering. A single compromised credential. One phishing message that worked. That'

Carl B. Johnson Nov 21, 2022 7 min read
Phish Tour

Phish Tour: Simulated Attacks That Train Your Team

One Clicked Link Cost This Company Everything In September 2022, a single employee at Uber clicked a link in a social engineering attack. The threat actor, reportedly affiliated with Lapsus$, used that foothold to access internal systems, Slack channels, and cloud infrastructure. The breach made global headlines — not because Uber&

Carl B. Johnson Nov 21, 2022 7 min read
Phishing Email

Phishing Email Attacks: What Actually Works to Stop Them

In March 2022, threat actors used a single phishing email to breach Okta through a third-party contractor's account. The fallout? Hundreds of downstream customers suddenly questioning whether their own environments were compromised. One email. One click. A cascading trust crisis that made headlines for weeks. That's

Carl B. Johnson Oct 18, 2022 6 min read