Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Phishing Scams

What Is a Phishing Scam? A Real-World Guide for 2025

In January 2024, a finance employee at British engineering firm Arup transferred $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues — all of them deepfake recreations. The attack started the way most do: with a phishing

Carl B. Johnson Dec 27, 2025 7 min read
Phishing Awareness

How to Spot Phishing Emails: 9 Red Flags to Catch Now

The Email That Cost MGM Resorts $100 Million In September 2023, a single social engineering attack — starting with a phone call but rooted in the same deception principles as phishing emails — led to a breach at MGM Resorts that cost the company over $100 million. The threat actors behind the

Carl B. Johnson Dec 13, 2025 7 min read
Phish Food

Phish Food: What Makes Employees Easy Targets

Your Employees Are Phish Food — And Threat Actors Know It In March 2025, the FBI's Internet Crime Complaint Center (IC3) released its 2024 annual report showing over $16 billion in reported cybercrime losses — the highest figure ever recorded. Phishing and its variants topped the list of complaint types

Carl B. Johnson Dec 13, 2025 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started the same way nearly all of

Carl B. Johnson Dec 13, 2025 8 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Bypass Filters

In March 2025, a mid-size accounting firm in Ohio wired $1.2 million to a threat actor who sent a single spoofed email — a fakeemail that perfectly mimicked the CEO's display name, writing style, and even included a forwarded thread from a real conversation. The email passed every

Carl B. Johnson Dec 13, 2025 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

The Fake Invoice That Drained $1.4 Million In early 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes PayPal phishing attacks — generated over $2.9 billion in adjusted losses in 2023 alone. That number hasn't slowed down. One

Carl B. Johnson Dec 13, 2025 7 min read
Spoofing Caller

Spoofing Caller Attacks: How Criminals Fake Trust

In March 2025, the FBI's Internet Crime Complaint Center reported that Americans lost over $12.5 billion to cybercrime in 2023 alone — and phone-based fraud, driven largely by spoofing caller techniques, remains one of the fastest-growing categories. I've watched organizations with solid email security get gutted

Carl B. Johnson Dec 09, 2025 7 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Bypasses Filters

A Legitimate DocuSign Email That Steals Your PayPal Credentials In November 2024, Avanan researchers documented a wave of attacks where threat actors sent phishing emails through DocuSign's actual platform — not spoofed emails, but real DocuSign notifications. The documents inside impersonated PayPal invoices requesting payment authorization for hundreds or

Carl B. Johnson Dec 05, 2025 7 min read