Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Phish Food

Phish Food: What Threat Actors Serve Your Employees

In May 2024, the FBI's Internet Crime Complaint Center released data showing that phishing was still the number one reported cybercrime — for the fifth year running. Over 298,000 complaints in 2023 alone. Despite billions spent on email filters and endpoint protection, threat actors keep winning because the

Carl B. Johnson Sep 11, 2024 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to criminals after a video call with what appeared to be the company's CFO. Every person on that call was a deepfake. It started, like almost every attack of its kind, with

Carl B. Johnson Sep 11, 2024 7 min read
Fake Emails

Fake Emails: How to Spot Them Before They Cost You

In June 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after receiving what appeared to be legitimate emails and even joining a deepfake video call with someone impersonating the company's CFO. The attack started with fake emails. Every single

Carl B. Johnson Sep 02, 2024 7 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Breach Networks

That Email From Your CEO? It Was a FakeEmail. In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million after attending a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a

Carl B. Johnson Aug 19, 2024 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

In January 2023, PayPal disclosed that threat actors had compromised nearly 35,000 user accounts through credential stuffing — not by breaking PayPal's systems, but by exploiting reused passwords harvested from other breaches. That incident made headlines, but it's the quieter, daily grind of PayPal phishing attacks

Carl B. Johnson Aug 19, 2024 6 min read
Spoofing Caller

Spoofing Caller Attacks: How Criminals Fake Trust

In March 2024, the FBI's Internet Crime Complaint Center reported that Americans lost over $10 billion to cybercrime in 2023 — and a staggering portion of those losses started with a single phone call from a number the victim trusted. A spoofing caller doesn't need to hack

Carl B. Johnson Aug 19, 2024 7 min read
AI Phishing Attacks

Gmail Users Warned About Sophisticated AI-Driven Phishing

In May 2024, a Google security consultant named Sam Mitrovic nearly fell for a phishing call that used a convincing AI-generated voice impersonating Google support. The caller had a legitimate-looking Google phone number, referenced real account activity, and spoke with the polished fluency of a native English speaker. The only

Carl B. Johnson Aug 19, 2024 8 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Works

Earlier this year, security researchers documented a surge in phishing campaigns that abuse legitimate DocuSign and PayPal infrastructure to deliver convincing attack emails. The twist? These messages aren't spoofed — they're actually sent through real PayPal and DocuSign servers. That's why PayPal DocuSign phishing attacks

Carl B. Johnson Aug 01, 2024 7 min read
Phishing Attack

Phishing Attack Anatomy: How Breaches Actually Start

In January 2024, a single phishing attack against Framework Computer exposed customer names, emails, and outstanding balances — all because one employee at an external accounting partner clicked a link in a convincing impersonation email. The attacker didn't hack a firewall. They didn't exploit a zero-day vulnerability.

Carl B. Johnson Jul 23, 2024 8 min read