Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Smishing

FBI Warning on Smishing Texts: What You Must Do Now

In December 2025, the FBI issued a stark public warning: delete suspicious text messages immediately. The advisory specifically called out a wave of smishing texts — SMS-based phishing attacks — targeting Americans with fake toll road notices, package delivery scams, and fraudulent financial alerts. The bureau's Internet Crime Complaint Center

Carl B. Johnson Jan 18, 2026 7 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

One Band's Name Became Cybersecurity's Favorite Metaphor In 2024, the FBI's IC3 report documented over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. And yet, most organizations still run phishing simulations like they're checking

Carl B. Johnson Jan 18, 2026 8 min read
Phish Tour

Phish Tour: A Guided Walk Through Modern Attacks

Welcome to the Phish Tour Nobody Asked For In March 2025, a finance employee at a mid-size manufacturing firm received a Microsoft Teams message from someone impersonating the CFO. The message included a link to a SharePoint page that looked flawless. Within 90 seconds, the employee entered their credentials. Within

Carl B. Johnson Jan 18, 2026 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2026

In May 2025, the FBI's Internet Crime Complaint Center reported that phishing was — for the ninth consecutive year — the most-reported cybercrime category, with over 300,000 complaints in a single year. That number only counts the people who bothered to report it. The real volume is staggering. Yet

Carl B. Johnson Jan 17, 2026 7 min read
Phishing

Definition of a Phishing Attack: What It Really Looks Like

The MGM Breach Started With a Single Phone Call In September 2023, a threat actor called the MGM Resorts help desk, pretended to be an employee, and talked their way into a credential reset. Within hours, the Scattered Spider group had deep access to MGM's systems. The result:

Carl B. Johnson Jan 17, 2026 7 min read
Spoofing

Spoofing Attacks: How They Work and How to Stop Them

A CFO Wired $25 Million Because of a Spoofed Video Call In early 2024, a finance worker at a multinational firm in Hong Kong transferred $25.6 million after joining a video conference call where every other participant — including the company's CFO — was a deepfake. The threat actors

Carl B. Johnson Jan 17, 2026 7 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Beat Your Defenses

In September 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider used a spear phishing voice call — a single, well-researched phone call to the company's IT help desk — to compromise the entire organization. The attacker already knew the target employee's name,

Carl B. Johnson Jan 17, 2026 8 min read
Spoof

Spoof Attacks: How Threat Actors Trick Your Defenses

The CEO Email That Wasn't From the CEO In early 2025, a mid-sized logistics company wired $3.1 million to a bank account in Hong Kong. The CFO had received an email — apparently from the CEO — requesting an urgent wire transfer for a confidential acquisition. The email address

Carl B. Johnson Jan 17, 2026 7 min read
AI Phishing Attacks

FBI Warns Gmail Users of AI-Driven Phishing Attacks

In May 2025, the FBI issued a stark warning: sophisticated AI-driven phishing attacks are now targeting Gmail's 2.5 billion users with emails so convincing that even seasoned IT professionals are getting fooled. The FBI warns Gmail users of sophisticated AI-driven phishing attacks that leverage generative AI to

Carl B. Johnson Dec 27, 2025 7 min read
Phishing

Phishing Attacks in 2025: What Actually Works to Stop Them

In January 2025, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. The attack started the same way almost all of them do — with a phishing email. If you'

Carl B. Johnson Dec 27, 2025 7 min read