Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

What Is Phishing

What Is Phishing? A Security Pro's Real-World Guide

The Email That Cost One Company $121 Million In 2019, a Lithuanian man was sentenced to five years in prison for phishing Google and Facebook out of over $121 million. He sent fake invoices from a spoofed vendor email address. Employees at two of the most technically sophisticated companies on

Carl B. Johnson Jan 23, 2020 7 min read
Email Phishing Red Flags

Email Phishing Red Flags: 9 Signs You're Being Targeted

In March 2024, a finance employee at a UK-based engineering firm wired $25 million to threat actors after a deepfake video call. The attackers had spoofed the company's CFO — but the entire attack chain started with a single phishing email. That first message contained at least four classic

Carl B. Johnson Jan 19, 2020 7 min read
Pretexting Attacks

Pretexting Attack Examples: Real Scams Costing Millions

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the company's IT help desk, impersonated an employee found on LinkedIn, and convinced a technician to reset credentials. The entire breach started with a phone call and a convincing story. That story — the fabricated

Carl B. Johnson Jan 09, 2020 7 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

One Click Cost This Company $36 Million In 2023, MGM Resorts lost an estimated $100 million after a threat actor socially engineered the company's help desk with a single phone call. The attacker impersonated an employee, convinced an IT worker to reset credentials, and from there pivoted through

Carl B. Johnson Dec 14, 2019 7 min read
Cybersecurity Training

How to Train Employees on Cybersecurity in 2026

The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker found an employee on LinkedIn, called the IT service desk, and convinced them to reset credentials. That&

Carl B. Johnson Dec 14, 2019 7 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training That Won't Cost You

In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They didn't write custom malware. They called IT support, impersonated an employee found on LinkedIn, and

Carl B. Johnson Nov 30, 2019 6 min read
Data Breach Reporting

How to Report a Data Breach: A Step-by-Step Guide

In 2023, the FTC hit Fortnite maker Epic Games with a $520 million settlement — partly because of how poorly they handled children's data and privacy notifications. The breach itself was damaging. The response failures made it catastrophic. If you're reading this, you either just discovered a

Carl B. Johnson Nov 26, 2019 7 min read