Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Cloud Computing Security

Cloud Computing Security: What Goes Wrong in 2025

In January 2025, the Verizon Data Breach Investigations Report team was already tracking a sharp rise in cloud-specific intrusions — a trend that accelerated throughout the year. By mid-2025, roughly 45% of all breaches involved cloud assets, up significantly from prior years. If your organization moved to the cloud and assumed

Carl B. Johnson Sep 27, 2025 7 min read
Phishing Emails

How Phishing Emails Work: The Psychology Behind the Click

In March 2025, a finance director at a mid-sized manufacturing company wired $2.3 million to a bank account in Southeast Asia. The request came from what looked like the CEO's email — same signature, same tone, same thread about an acquisition they'd been discussing for weeks.

Carl B. Johnson Sep 27, 2025 8 min read
Phishing Awareness Training

Phishing Awareness Training: What Actually Works in 2025

In March 2025, a mid-size logistics company in the Midwest lost $2.3 million after a single employee clicked a fake DocuSign link. The attacker harvested credentials, pivoted into the company's financial systems, and initiated wire transfers over a long weekend. The employee had never received phishing awareness

Carl B. Johnson Sep 25, 2025 8 min read
Phishing Email

How to Recognize a Phishing Email Before You Click

The Email That Cost One Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that phishing and its variants remained the number one reported cybercrime by volume, with over 298,000 complaints in a single year. But here's the part that should keep

Carl B. Johnson Sep 25, 2025 8 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets People

A $37 Million Wire Transfer Started with One Email In 2024, a finance employee at a multinational firm joined what appeared to be a legitimate video call with the company's CFO. It was a deepfake. The attackers had spent weeks gathering intelligence — org charts, communication styles, ongoing projects

Carl B. Johnson Sep 22, 2025 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A 2025 Survival Guide

In May 2025, the FBI's Internet Crime Complaint Center reported that phishing and its variants remained the number-one reported cybercrime for the fifth consecutive year, with losses tied to business email compromise alone exceeding $2.9 billion annually in recent reports. I've spent over two decades

Carl B. Johnson Sep 22, 2025 7 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

In March 2025, a mid-size healthcare provider in the Midwest lost 1.4 million patient records because one employee in accounts payable clicked a link in a fake DocuSign email. The organization had antivirus software, a firewall, and an email gateway. What they didn't have was a phishing

Carl B. Johnson Sep 22, 2025 7 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In May 2024, a single employee at a major healthcare provider clicked a phishing link disguised as a routine benefits update. Within 72 hours, the organization lost access to 14 million patient records and ended up paying a multimillion-dollar ransom. The employee had technically "passed" their annual compliance

Carl B. Johnson Aug 17, 2025 8 min read