Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

NIST Standards

NIST Standards: A Practical Guide for Real Security

In April 2021, the Colonial Pipeline hadn't yet made global headlines — but the SolarWinds breach was still fresh, and the Microsoft Exchange Server vulnerabilities had just rattled tens of thousands of organizations. Every one of those incidents had something in common: the affected organizations either ignored or incompletely

Carl B. Johnson May 15, 2021 7 min read
Phishing Emails

How Phishing Emails Work: The Psychology Behind the Click

A Pipeline Went Dark — Because One Person Clicked On May 7, 2021, Colonial Pipeline — the largest fuel pipeline in the United States — shut down operations after a ransomware attack. The disruption caused fuel shortages across the southeastern U.S. and triggered panic buying. While the full forensic details are still

Carl B. Johnson May 13, 2021 7 min read
Phishing Awareness Training

Phishing Awareness Training: What Actually Works in 2021

On May 7, 2021 — less than a week ago — Colonial Pipeline shut down 5,500 miles of fuel infrastructure after a ransomware attack that started with a single compromised credential. One password. No multi-factor authentication. An entire region's fuel supply disrupted. This is the kind of incident that

Carl B. Johnson May 13, 2021 7 min read
Phishing Training for Employees

Phishing Training for Employees: What Actually Works

Colonial Pipeline just shut down 5,500 miles of fuel infrastructure this week. One compromised password. That's all it took. While forensic details are still emerging, the early reporting points to a single set of stolen credentials — likely obtained through a social engineering attack on an employee. If

Carl B. Johnson May 13, 2021 7 min read
Phishing Attack Examples

Phishing Attack Examples: Real Incidents That Cost Millions

A Single Email Cost This Company $100 Million In 2019, a Lithuanian man named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than phishing emails. He impersonated a legitimate hardware vendor, sent fake invoices, and both tech giants paid up — for years.

Carl B. Johnson May 04, 2021 7 min read
Email Phishing Red Flags

Email Phishing Red Flags: 9 Signs You're Being Targeted

One Employee Missed the Red Flags — It Cost $2.3 Million In December 2020, a mid-sized manufacturing company in Ohio wired $2.3 million to what they believed was a long-standing supplier. The invoice looked perfect. The email address was off by a single character. Nobody caught it until the

Carl B. Johnson Apr 16, 2021 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A Practical Guide

In December 2020, the Treasury Department and the Department of Commerce confirmed they'd been breached through a supply chain attack that started, in part, with carefully crafted phishing emails targeting key personnel. If federal agencies with dedicated security teams can get caught, your organization isn't immune

Carl B. Johnson Apr 15, 2021 7 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

In March 2020, a single phishing email led to a credential theft incident at Magellan Health that exposed data on 365,000 patients. The attacker impersonated a Magellan executive, tricked one employee, and spent five days inside the network before anyone noticed. A functioning phishing awareness program might have stopped

Carl B. Johnson Apr 15, 2021 7 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: What Actually Works

In March 2021, a single employee at a water treatment plant in Oldsmar, Florida, watched someone remotely take control of their screen and attempt to increase sodium hydroxide levels to dangerous concentrations. The attacker got in through a shared TeamViewer password. No advanced exploit. No zero-day. Just poor cybersecurity awareness

Carl B. Johnson Apr 12, 2021 6 min read