Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past the help desk with a single phone call. The attacker didn't exploit a zero-day vulnerability. They didn't write custom malware. They called an employee, pretended to

Carl B. Johnson Mar 29, 2025 7 min read
CEO Fraud

CEO Fraud Email Scam: How Attackers Steal Millions

A Single Email Cost This Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — the category that includes every CEO fraud email scam — generated adjusted losses exceeding $2.9 billion in a single year. That number has held steady as one

Carl B. Johnson Mar 05, 2025 7 min read
Trojan Horse Malware

Trojan Horse Malware: How It Gets In and How to Stop It

In September 2023, MGM Resorts watched helplessly as its systems went dark — slot machines frozen, hotel check-ins offline, operations paralyzed for ten days. The estimated cost exceeded $100 million. The attack vector? Social engineering that led to credential theft, which opened the door for malware deployment across the enterprise. That&

Carl B. Johnson Dec 19, 2024 7 min read
Keylogger Attack

Keylogger Attack: How Hackers Steal Every Keystroke

In March 2024, security researchers at Fortinet uncovered a campaign distributing Snake Keylogger through phishing emails disguised as payment remittance notices. The malware silently captured credentials from over 280 banking and email applications before exfiltrating everything to attacker-controlled Telegram bots. The victims had no idea. Every password, every credit card

Carl B. Johnson Dec 19, 2024 6 min read
Man in the Middle Attack

Man in the Middle Attack: How Hackers Steal Data

In January 2024, security researchers at Sekoia documented a massive adversary-in-the-middle campaign that used phishing kits to intercept Microsoft 365 credentials and session tokens in real time — bypassing multi-factor authentication entirely. The attack wasn't theoretical. It hit thousands of organizations across multiple industries. And it reminded every security

Carl B. Johnson Dec 19, 2024 8 min read
DNS Spoofing Attack

DNS Spoofing Attack: How It Works and How to Stop It

In April 2024, security researchers at Akamai reported a massive DNS hijacking campaign targeting over 600 domains, redirecting users to credential harvesting pages that looked identical to legitimate banking and email portals. Victims had no idea they were on a fake site. Their browsers showed no warnings. The URLs looked

Carl B. Johnson Dec 19, 2024 8 min read
Phishing Awareness

How to Spot a Phishing Email Before It Costs You

In January 2024, a finance employee at a multinational firm in Hong Kong joined what appeared to be a routine video call with the company's CFO. Everything looked normal — the CFO's face, voice, and mannerisms were all spot-on. The employee followed instructions and wired $25 million

Carl B. Johnson Dec 10, 2024 7 min read