Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Clean Desk Policy

Clean Desk Policy Cybersecurity: Your Cheapest Defense

The Sticky Note That Cost a Hospital $3 Million A nurse left a sticky note with login credentials on her monitor. A visitor photographed it. Within 48 hours, a threat actor had accessed patient records for over 10,000 individuals. The resulting HIPAA settlement wasn't pretty. I'

Carl B. Johnson Jul 06, 2026 5 min read
Man in the Middle Attack

Man in the Middle Attack: How Hackers Steal Data

In January 2024, security researchers at Checkmarx uncovered a massive man in the middle attack campaign targeting the Python Package Index (PyPI), where threat actors intercepted developer credentials and injected malicious code into software supply chains. The attack went undetected for months. This wasn't some exotic nation-state operation

Carl B. Johnson Jul 05, 2026 6 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

A Single Email Cost This Company $121 Million In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $121 million from Google and Facebook. His weapon wasn't malware. It wasn't a zero-day exploit. It was phishing — forged emails impersonating a legitimate hardware vendor,

Carl B. Johnson Jun 29, 2026 6 min read
Phishing Links

What Is a Phishing Link? How to Spot and Stop Them

Last year, a mid-size accounting firm in Ohio lost $1.2 million after a single employee clicked one link in a spoofed Microsoft 365 email. The link looked like a routine password-reset page. It wasn't. Within 90 minutes, a threat actor had harvested credentials, bypassed weak authentication, and

Carl B. Johnson Jun 28, 2026 5 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

What a Phish Setlist Actually Means for Your Security Team When the band Phish takes the stage, they never play the same setlist twice. Every show is crafted for the audience. Your phishing simulation program should work the same way. A phish setlist — a curated, rotating collection of phishing attack

Carl B. Johnson Jun 28, 2026 5 min read