Tag

Social Engineering Prevention

Find practical strategies for defending against social engineering attacks at both the individual and organizational level. Content covers awareness training techniques, verification protocols, policy development, and building a security-first culture that resists manipulation attempts.

posts

Social Engineering Examples

Social Engineering Examples: 7 Real Attacks That Worked

In September 2023, a teenager used a phone call to trick an MGM Resorts employee into resetting credentials. That single social engineering attack cost MGM an estimated $100 million. No malware exploit. No zero-day vulnerability. Just a convincing voice on the other end of a help desk line. If you

Carl B. Johnson Apr 08, 2024 7 min read
Security Awareness Training

How to Measure Security Awareness Training ROI

In March 2021, a single employee at a water treatment plant in Oldsmar, Florida clicked through a remote access session that could have poisoned a city's water supply. The attacker gained entry through a shared TeamViewer password — no phishing email required. The incident raised a question that boardrooms

Carl B. Johnson Nov 28, 2021 7 min read
Phishing Training for Employees

Phishing Training for Employees: What Actually Works

Colonial Pipeline just shut down 5,500 miles of fuel infrastructure this week. One compromised password. That's all it took. While forensic details are still emerging, the early reporting points to a single set of stolen credentials — likely obtained through a social engineering attack on an employee. If

Carl B. Johnson May 13, 2021 7 min read
Social Engineering Examples

Social Engineering Examples: Real Attacks That Worked

In July 2020, a 17-year-old from Florida convinced Twitter employees to hand over internal credentials. Within hours, the accounts of Barack Obama, Elon Musk, Joe Biden, and Apple were all posting Bitcoin scam messages. The attacker didn't exploit a software vulnerability. He exploited people. These social engineering examples

Carl B. Johnson Apr 12, 2021 6 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

One Click Cost Them $100 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phone call. A threat actor called the help desk, impersonated an employee found on LinkedIn, and gained access to internal systems. The resulting ransomware attack cost

Carl B. Johnson Jan 19, 2020 7 min read