Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Spear Phishing

Spear Phishing: Why Targeted Attacks Bypass Your Defenses

In March 2022, the threat actor group Lapsus$ breached Okta by spear phishing a single support engineer at a third-party contractor. That one compromised account gave the attackers a foothold that ultimately affected roughly 366 Okta customers. Not a mass email blast. Not a Nigerian prince scam. One carefully researched,

Carl B. Johnson Oct 24, 2022 7 min read
AI Phishing Attacks

FBI Warns Gmail Users of AI-Driven Phishing Attacks

The FBI Warns Gmail Users of Sophisticated AI-Driven Phishing Attacks — And Most People Aren't Ready Earlier this year, the FBI's Internet Crime Complaint Center (IC3) reported that phishing schemes — including business email compromise — accounted for over $2.7 billion in adjusted losses in 2021 alone. Now,

Carl B. Johnson Oct 24, 2022 7 min read
Gmail Phishing Attacks

Gmail Sophisticated Attacks: FBI Phishing Warnings for 2022

The FBI Is Warning Gmail Users — And Most People Aren't Listening In March 2022, the FBI's Internet Crime Complaint Center (IC3) released its annual report showing that phishing — including attacks targeting Gmail users specifically — generated more victim complaints than any other cybercrime category. Over 300,000

Carl B. Johnson Oct 24, 2022 7 min read
Phishing Email

Phishing Email Attacks: What Actually Works to Stop Them

In March 2022, threat actors used a single phishing email to breach Okta through a third-party contractor's account. The fallout? Hundreds of downstream customers suddenly questioning whether their own environments were compromised. One email. One click. A cascading trust crisis that made headlines for weeks. That's

Carl B. Johnson Oct 18, 2022 6 min read
Phishing

Phishing Attacks in 2022: What Actually Works to Stop Them

The Typo That Costs Billions: Why "Phising" Leads You to the Right Problem Here's something I find fascinating: "phising" is one of the most common misspellings in cybersecurity search queries. Thousands of people type it every day looking for information about phishing — the attack

Carl B. Johnson Oct 18, 2022 7 min read
Vishing

FBI Warning on Vishing and Smishing: What to Do Now

The FBI Warning on Vishing and Smishing You Can't Afford to Ignore In January 2022, the FBI released an advisory warning that criminals were increasingly using voice phishing (vishing) and SMS phishing (smishing) to steal credentials, drain bank accounts, and breach corporate networks. This wasn't a

Carl B. Johnson Oct 18, 2022 7 min read
Phishing Scams

What Is a Phishing Scam? A Security Pro's Real Guide

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing was the number one cybercrime type in 2021 — with over 323,000 complaints filed by victims in a single year. That number dwarfed every other category. If you've ever asked what is a phishing

Carl B. Johnson Sep 22, 2022 8 min read
Phishing Awareness

How to Spot Phishing Emails: 9 Red Flags That Matter

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing schemes were the most common cybercrime in 2021, with over 323,000 victims — more than double the count from 2019. That number is climbing again in 2022. If you're searching for how to spot

Carl B. Johnson Sep 22, 2022 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

A Single Email Cost Ubiquiti $46.7 Million In 2015, networking giant Ubiquiti Networks disclosed that employees had been tricked into wiring $46.7 million to overseas accounts controlled by attackers. The weapon wasn't malware or a zero-day exploit. It was email. If you've ever asked

Carl B. Johnson Sep 22, 2022 7 min read