Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Computer Security Security

Computer Security Security: Layers That Actually Work

The Redundancy in "Computer Security Security" Is the Whole Point When the Colonial Pipeline ransomware attack shut down fuel distribution across the U.S. Southeast in 2021, the root cause wasn't exotic. It was a single compromised VPN credential without multi-factor authentication. One layer failed, and

Carl B. Johnson Apr 28, 2026 5 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that threat actors used carefully crafted emails — impersonating executives — to trick finance employees into wiring $46.7 million to overseas accounts. That wasn't a mass spam campaign. It was spear phishing: a surgical, researched, devastatingly

Carl B. Johnson Apr 28, 2026 6 min read
Ransomware Protection

Ransomware Protection Tips That Actually Work in 2026

A Single Click Cost One Hospital Chain $100 Million In 2024, Change Healthcare — the largest health payment processing company in the U.S. — was hit by the ALPHV/BlackCat ransomware gang. The attack disrupted claims processing for thousands of providers nationwide. UnitedHealth Group, Change Healthcare's parent company, disclosed

Carl B. Johnson Apr 27, 2026 5 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

A Single Fraud Ring Stole $6 Million Before Anyone Noticed In 2023, the FBI's IC3 received over 880,000 cybercrime complaints with losses exceeding $12.5 billion — a 22% increase from the prior year. A growing share of those losses came from coordinated fraud operations, not lone hackers

Carl B. Johnson Apr 26, 2026 5 min read
Ransomware Recovery Steps

Ransomware Recovery Steps: A Battle-Tested Playbook

In February 2024, Change Healthcare — a subsidiary processing roughly one-third of all U.S. medical claims — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted pharmacy operations nationwide for weeks, cost UnitedHealth Group an estimated $872 million in the first quarter alone, and exposed the personal health data

Carl B. Johnson Apr 25, 2026 5 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Bypass Filters

In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes fakeemail schemes — caused over $2.9 billion in adjusted losses across roughly 21,489 complaints. That made it the single most financially damaging cybercrime category in the IC3's annual

Carl B. Johnson Apr 24, 2026 6 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Your Team Must Know

In 2023, a single spear phishing email cost MGM Resorts an estimated $100 million in losses. The attacker didn't blast a million inboxes with a generic "Your account has been suspended" message. They researched an employee on LinkedIn, called the IT help desk impersonating that person,

Carl B. Johnson Apr 22, 2026 5 min read
Social Engineering Examples

Social Engineering Examples: Real Attacks Happening Now

A Teenager Breached Uber. No Malware Required. In September 2022, an 18-year-old compromised Uber's internal systems — not with a sophisticated zero-day exploit, but with a text message. The attacker bombarded an Uber contractor with multi-factor authentication push requests until the contractor finally approved one. From there, the threat

Carl B. Johnson Apr 22, 2026 6 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Works

In late 2024, security researchers at Avanan documented a surge of phishing campaigns that weaponized legitimate DocuSign and PayPal infrastructure to deliver convincing credential theft attacks. The emails didn't come from spoofed domains. They came from the actual DocuSign and PayPal platforms — which is exactly why they sailed

Carl B. Johnson Apr 22, 2026 5 min read