Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Phishing

What Is Phishing? A Security Pro's Real-World Guide

In January 2024, a finance employee at a multinational engineering firm in Hong Kong wired $25.6 million to threat actors after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started with

Carl B. Johnson Dec 10, 2024 7 min read
Medusa Ransomware

Medusa Ransomware Gang Phishing Campaigns Explained

A $100,000 Ransom Demand Starts With One Email In early 2024, the FBI and CISA issued a joint advisory warning that the Medusa ransomware gang had compromised over 300 organizations across critical infrastructure sectors since June 2021. The attack chain almost always starts the same way: phishing campaigns targeting

Carl B. Johnson Nov 07, 2024 7 min read
Phish

Phish: Why One Click Still Causes Million-Dollar Breaches

In January 2024, a finance employee at engineering firm Arup received an email inviting them to a video call with the company's CFO. Everything looked legitimate — the email, the meeting link, even the faces on the screen. It was all a deepfake-powered phish. That single interaction cost Arup

Carl B. Johnson Nov 07, 2024 7 min read
Fake Email

Fake Email: How to Spot, Stop, and Survive One

In January 2024, a finance worker at British engineering firm Arup was tricked into wiring $25 million to criminals after a video call — a call that started with a single fake email. The message looked like it came from the company's CFO. Everything about it — the sender name,

Carl B. Johnson Oct 17, 2024 8 min read
Phishing

Phishing in 2024: The Attack Vector That Refuses to Die

$4.88 Million Per Breach — and Phishing Opens the Door In January 2024, a finance worker at multinational firm Arup sent $25 million to threat actors after a deepfake video call that impersonated company executives. The attack started with a single phishing email. One message. Twenty-five million dollars gone. That

Carl B. Johnson Oct 17, 2024 7 min read
Smishing

FBI Warning on Smishing Texts: What You Must Do Now

10,000 Fake Domains and Counting In early 2024, the FBI issued a stark FBI warning on smishing texts targeting Americans in every state. The attack campaign involved over 10,000 newly registered domains impersonating toll collection agencies, delivery services, and government agencies. Victims received text messages claiming they owed

Carl B. Johnson Oct 17, 2024 7 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

What a Phish Setlist Is — And Why Your Security Team Needs One In March 2024, a mid-size accounting firm lost $2.1 million after an employee clicked a single phishing email disguised as a DocuSign request during tax season. The firm had no phishing simulation program. No playbook. No plan.

Carl B. Johnson Oct 17, 2024 7 min read
Phish Tour

Phish Tour: Walk Through a Real Phishing Attack

A Single Email Cost This Company $25 Million In early 2024, a finance worker at engineering firm Arup was tricked into transferring $25 million after a deepfake video call that started with one phishing email. That's not a hypothetical. That happened. And it began the same way nearly

Carl B. Johnson Oct 17, 2024 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2024

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a video call with what appeared to be the company's CFO. It was a deepfake. The attack started with a single phishing email. If your phishing definition still

Carl B. Johnson Oct 17, 2024 7 min read