Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Phishing

Phishing Attacks in 2022: What Actually Works to Stop Them

The Typo That Costs Billions: Why "Phising" Leads You to the Right Problem Here's something I find fascinating: "phising" is one of the most common misspellings in cybersecurity search queries. Thousands of people type it every day looking for information about phishing — the attack

Carl B. Johnson Oct 18, 2022 7 min read
Phishing Awareness

How to Spot Phishing Emails: 9 Red Flags That Matter

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing schemes were the most common cybercrime in 2021, with over 323,000 victims — more than double the count from 2019. That number is climbing again in 2022. If you're searching for how to spot

Carl B. Johnson Sep 22, 2022 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

A Single Email Cost Ubiquiti $46.7 Million In 2015, networking giant Ubiquiti Networks disclosed that employees had been tricked into wiring $46.7 million to overseas accounts controlled by attackers. The weapon wasn't malware or a zero-day exploit. It was email. If you've ever asked

Carl B. Johnson Sep 22, 2022 7 min read
Supply Chain Attacks

Removed Legitimate Apps? How Attackers Exploit Trust

When Trusted Software Becomes Your Biggest Threat In March 2022, researchers confirmed that threat actors had compromised the update mechanism for Asus software, ultimately pushing malware to nearly a million machines. The attackers hadn't built anything from scratch. They had removed legitimate code from a trusted update pipeline

Carl B. Johnson Sep 22, 2022 6 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How to Spot This Sneaky Scam

A Perfectly Forged Invoice That Almost Worked Last month, a controller at a mid-sized logistics company forwarded me an email she'd almost clicked. It looked like a DocuSign envelope notification for a PayPal invoice — complete with the yellow DocuSign button, a legitimate-looking PayPal logo, and a $3,200

Carl B. Johnson Sep 04, 2022 7 min read
Phishing Attack

Phishing Attack Anatomy: How Breaches Really Start

In March 2022, threat actor group Lapsus$ breached Okta by compromising a single support engineer's laptop — an attack chain that started with social engineering and credential theft. One employee. One set of stolen credentials. And suddenly, a company trusted by thousands of organizations to manage authentication was scrambling

Carl B. Johnson Sep 04, 2022 7 min read
Phishing Scams

Phishing Scams: What Actually Works to Stop Them

In March 2022, the threat actor group Lapsus$ breached Okta, Microsoft, and Samsung — not through some sophisticated zero-day exploit, but through phishing scams and social engineering that tricked employees into handing over credentials. A group reportedly led by teenagers compromised some of the largest technology companies on the planet. If

Carl B. Johnson Sep 04, 2022 7 min read
Phishing

Define Phishing: What It Really Looks Like in 2022

In March 2022, threat actors used a single phishing email to breach Okta through a third-party contractor — potentially impacting hundreds of enterprise customers downstream. The attack didn't exploit some exotic zero-day. It exploited a human being who clicked a link. If you're here to define phishing,

Carl B. Johnson Aug 23, 2022 6 min read
Cloud Computing Security

Cloud Computing Security: What Goes Wrong and How to Fix It

In April 2022, researchers at Palo Alto Unit 42 reported that nearly 99% of cloud user accounts, services, and resources grant excessive permissions — permissions that are granted but never used. That gap between what's allowed and what's needed is exactly where threat actors operate. If you&

Carl B. Johnson Jun 20, 2022 6 min read
Phishing Emails

How Phishing Emails Work: The Psychology Behind the Click

A Single Email Cost This Company $121 Million In 2019, a Lithuanian man was sentenced to five years in prison for phishing Google and Facebook out of over $121 million. His method wasn't a zero-day exploit or cutting-edge malware. It was emails. Carefully crafted, psychologically precise emails that

Carl B. Johnson May 26, 2022 7 min read