Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Phishing Scams

What Is a Phishing Scam? A Real-World Guide for 2025

In January 2024, a finance employee at British engineering firm Arup transferred $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues — all of them deepfake recreations. The attack started the way most do: with a phishing

Carl B. Johnson Dec 27, 2025 7 min read
Phishing Awareness

How to Spot Phishing Emails: 9 Red Flags to Catch Now

The Email That Cost MGM Resorts $100 Million In September 2023, a single social engineering attack — starting with a phone call but rooted in the same deception principles as phishing emails — led to a breach at MGM Resorts that cost the company over $100 million. The threat actors behind the

Carl B. Johnson Dec 13, 2025 7 min read
Phish Food

Phish Food: What Makes Employees Easy Targets

Your Employees Are Phish Food — And Threat Actors Know It In March 2025, the FBI's Internet Crime Complaint Center (IC3) released its 2024 annual report showing over $16 billion in reported cybercrime losses — the highest figure ever recorded. Phishing and its variants topped the list of complaint types

Carl B. Johnson Dec 13, 2025 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started the same way nearly all of

Carl B. Johnson Dec 13, 2025 8 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

The Fake Invoice That Drained $1.4 Million In early 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes PayPal phishing attacks — generated over $2.9 billion in adjusted losses in 2023 alone. That number hasn't slowed down. One

Carl B. Johnson Dec 13, 2025 7 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Bypasses Filters

A Legitimate DocuSign Email That Steals Your PayPal Credentials In November 2024, Avanan researchers documented a wave of attacks where threat actors sent phishing emails through DocuSign's actual platform — not spoofed emails, but real DocuSign notifications. The documents inside impersonated PayPal invoices requesting payment authorization for hundreds or

Carl B. Johnson Dec 05, 2025 7 min read
Phishing Attack

Phishing Attack Trends in 2025: What Actually Works Now

A Single Phishing Attack Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider impersonated an MGM Resorts employee during a help desk call. That single social engineering interaction led to a ransomware deployment that shut down slot machines, hotel key cards, and reservation systems across

Carl B. Johnson Dec 05, 2025 7 min read
Phishing Scams

Phishing Scams in 2025: What's Actually Working Now

The Phishing Email That Cost One Company $60 Million In January 2024, a finance employee at the engineering firm Arup wired $25 million after attending a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was a deepfake. That

Carl B. Johnson Nov 28, 2025 7 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

The Virus That Cost a Hospital Chain $100 Million In 2017, the NotPetya wiper malware tore through networks worldwide in under 24 hours. Heritage Valley Health System lost access to its entire network — radiology, cardiology, even surgical systems went dark. Across the globe, Maersk lost nearly $300 million. Merck reported

Carl B. Johnson Nov 06, 2025 7 min read
Security for System

Security for System Environments: A 2025 Field Guide

The Breach That Started With a Single Unpatched System In February 2024, UnitedHealth Group's subsidiary Change Healthcare suffered a ransomware attack that disrupted healthcare payment processing across the United States for weeks. The attackers gained access through a Citrix remote access portal that lacked multi-factor authentication. One system.

Carl B. Johnson Nov 06, 2025 7 min read