Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Phishing Training for Employees

Phishing Training for Employees: What Actually Works

The Click That Cost One Company $47 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a social engineering phone call that led to credential theft and a devastating ransomware attack. The estimated cost exceeded $100 million. The attack vector? A

Carl B. Johnson Apr 02, 2026 5 min read
Trojan Horse Malware

Trojan Horse Malware: What It Really Does to You

In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with losses exceeding $12.5 billion — and a staggering number of those incidents started with a single file that looked perfectly legitimate. That file was trojan horse malware, disguised as an invoice, a software update,

Carl B. Johnson Apr 01, 2026 5 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A Practical Guide

Last year, a hospital administrator told me she ignored an alert about a credential stuffing attack because she didn't know what that phrase meant. Three days later, her organization was dealing with a ransomware incident that shut down patient scheduling for two weeks. The jargon gap in cybersecurity

Carl B. Johnson Mar 31, 2026 5 min read
Insider Threat Awareness

Insider Threat Awareness: What Most Companies Miss

In January 2024, the U.S. Department of Justice charged a former Google engineer with stealing proprietary AI trade secrets while secretly working for two China-based companies. He had access for years. He passed background checks. He was a trusted employee. And that's exactly the point — the most

Carl B. Johnson Mar 31, 2026 5 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A No-Nonsense Guide

During a breach investigation last year, I watched a CFO stare blankly at an incident response report and ask, "What's lateral movement? What does 'exfiltration' mean? Can someone just speak English?" That moment crystallized something I've known for two decades: the cybersecurity

Carl B. Johnson Mar 28, 2026 6 min read
Medusa Ransomware

Medusa Ransomware Gang Phishing Campaigns: What to Know

The FBI Warned You About Medusa. Did You Listen? In March 2025, the FBI and CISA issued a joint advisory — #StopRansomware: Medusa Ransomware — warning that the Medusa ransomware gang had already hit over 300 organizations across critical infrastructure sectors. Healthcare, education, manufacturing, technology. The common thread? Nearly every intrusion started

Carl B. Johnson Jan 26, 2026 7 min read
Phishing

Phishing in 2026: What's Actually Working Against It

The Threat That Refuses to Die In January 2025, the FBI's Internet Crime Complaint Center (IC3) released its annual report showing that phishing and its variants remained the number one reported cybercrime by volume — for the fifth consecutive year. Over 298,000 complaints. That number only counts the

Carl B. Johnson Jan 18, 2026 7 min read