Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Phishing Emails

How Phishing Emails Work: The Psychology Behind the Click

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. But here's what the raw numbers don't tell you: every single one of those incidents started with a

Carl B. Johnson May 06, 2026 5 min read
Phish Food

Phish Food: What Employees Click and Why It Works

Your Employees Are Hungry — And Threat Actors Are Cooking In 2023, the FBI's Internet Crime Complaint Center (IC3) logged over 298,000 phishing complaints — more than any other cybercrime category for the fifth year running. That's nearly 817 reported phishing attacks per day. And those are

Carl B. Johnson May 05, 2026 5 min read
Phishing Attack Examples

Phishing Attack Examples: Real Incidents That Cost Millions

A Single Email That Cost $100 Million In 2019, Toyota Boshoku Corporation lost $37 million after an employee followed wire transfer instructions in a fraudulent email. Facebook and Google collectively lost over $100 million to a Lithuanian threat actor who sent fake invoices posing as a hardware vendor. These aren&

Carl B. Johnson May 05, 2026 5 min read
Phishing

Phishing Attacks in 2026: What Actually Works to Stop Them

The Typo That Costs Billions: Why "Phising" Lands You Here Here's something I find fascinating — "phising" is one of the most commonly misspelled cybersecurity terms on the internet. If you searched for it, you're in exactly the right place. Phishing (with the

Carl B. Johnson May 02, 2026 6 min read
Phishing Attack Examples

Phishing Attack Examples: Real Incidents That Cost Millions

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past an IT help desk — with a single phone call. That one interaction led to a ransomware attack that shut down slot machines, hotel check-ins, and digital key cards across Las

Carl B. Johnson Apr 29, 2026 5 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Your Team Must Know

In 2023, a single spear phishing email cost MGM Resorts an estimated $100 million in losses. The attacker didn't blast a million inboxes with a generic "Your account has been suspended" message. They researched an employee on LinkedIn, called the IT help desk impersonating that person,

Carl B. Johnson Apr 22, 2026 5 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Works

In late 2024, security researchers at Avanan documented a surge of phishing campaigns that weaponized legitimate DocuSign and PayPal infrastructure to deliver convincing credential theft attacks. The emails didn't come from spoofed domains. They came from the actual DocuSign and PayPal platforms — which is exactly why they sailed

Carl B. Johnson Apr 22, 2026 5 min read
Phishing Prevention

How to Avoid Phishing Attacks: A 2026 Survival Guide

Last March, a finance director at a mid-size logistics company wired $2.1 million to a threat actor who had spoofed the CEO's email address. The message looked perfect — right tone, right signature, right sense of urgency. The only thing wrong was the reply-to domain, off by a

Carl B. Johnson Apr 20, 2026 5 min read