Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Phishing

Phishing Attacks in 2026: How to Spot and Stop Them

In 2024, the FBI's Internet Crime Complaint Center (IC3) reported that phishing was the most frequently reported cybercrime — again. Over 193,000 complaints were filed for phishing alone, and the real number is far higher since most incidents go unreported. I've spent years watching organizations get

Carl B. Johnson Feb 16, 2020 6 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

The Fake Mail That Drained $37 Million In 2024, Toyota Boshoku Corporation disclosed a business email compromise attack where a threat actor used fake mail to trick a finance executive into wiring approximately $37 million to a fraudulent bank account. The email looked legitimate. The sender address was nearly identical

Carl B. Johnson Feb 16, 2020 6 min read
Phishing Scams

What Is a Phishing Scam? A Security Pro's Real Guide

The $4.88 Million Email That Looked Completely Normal In 2024, IBM's Cost of a Data Breach Report pegged the average breach cost at $4.88 million — a record high. And phishing remained the most common initial attack vector. I've investigated dozens of these incidents firsthand,

Carl B. Johnson Feb 16, 2020 6 min read
Phish Food

Phish Food: What Threat Actors Serve Your Employees

Your Inbox Is a Buffet — And Threat Actors Are Cooking In March 2023, the FBI's Internet Crime Complaint Center reported that phishing was the number one crime type by victim count for the fifth year running, with over 298,000 complaints in a single year. Every one of

Carl B. Johnson Feb 16, 2020 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the most reported cybercrime category for the fifth year running. That's not a number on a slide deck. That's hundreds of thousands of real organizations bleeding money,

Carl B. Johnson Feb 16, 2020 7 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Breaches Dissected

In 2022, a single phishing email sent to a Twilio employee led to the compromise of 163 customer accounts, including high-profile targets like Signal. The attacker didn't exploit a zero-day vulnerability or brute-force a password. They sent a text message that looked like it came from Twilio'

Carl B. Johnson Jan 23, 2020 7 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Attacks

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — more than any other cybercrime category. That number has only grown since. I've spent years helping organizations respond to phishing incidents, and the pattern is almost always the same: someone clicks a

Carl B. Johnson Jan 19, 2020 7 min read
Email Phishing Red Flags

Email Phishing Red Flags: 9 Signs You're Being Targeted

In March 2024, a finance employee at a UK-based engineering firm wired $25 million to threat actors after a deepfake video call. The attackers had spoofed the company's CFO — but the entire attack chain started with a single phishing email. That first message contained at least four classic

Carl B. Johnson Jan 19, 2020 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A Practical Guide

The Email That Cost One Company $37 Million In 2024, a finance employee at a multinational firm joined a video call with what appeared to be the company's CFO and several colleagues. Every face on that call was a deepfake. The employee authorized $25.6 million in transfers

Carl B. Johnson Jan 19, 2020 7 min read