Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Spoofing

What Is Spoofing? The Attack Behind Most Breaches

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attackers had spoofed not just an email address or

Carl B. Johnson Aug 19, 2024 8 min read
AI Phishing Attacks

Gmail Users Warned About Sophisticated AI-Driven Phishing

In May 2024, a Google security consultant named Sam Mitrovic nearly fell for a phishing call that used a convincing AI-generated voice impersonating Google support. The caller had a legitimate-looking Google phone number, referenced real account activity, and spoke with the polished fluency of a native English speaker. The only

Carl B. Johnson Aug 19, 2024 8 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

In January 2024, a finance worker at a multinational firm in Hong Kong transferred $25.6 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The entire operation was coordinated by

Carl B. Johnson Aug 14, 2024 6 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Works

Earlier this year, security researchers documented a surge in phishing campaigns that abuse legitimate DocuSign and PayPal infrastructure to deliver convincing attack emails. The twist? These messages aren't spoofed — they're actually sent through real PayPal and DocuSign servers. That's why PayPal DocuSign phishing attacks

Carl B. Johnson Aug 01, 2024 7 min read
Phishing Attack

Phishing Attack Anatomy: How Breaches Actually Start

In January 2024, a single phishing attack against Framework Computer exposed customer names, emails, and outstanding balances — all because one employee at an external accounting partner clicked a link in a convincing impersonation email. The attacker didn't hack a firewall. They didn't exploit a zero-day vulnerability.

Carl B. Johnson Jul 23, 2024 8 min read
Phishing News

Phishing News 2024: Attacks That Should Scare You

The Phishing Headlines Keep Getting Worse In January 2024, a finance worker at engineering firm Arup wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. That single incident captures everything terrifying about the current phishing news cycle: attacks are smarter, faster,

Carl B. Johnson Jul 23, 2024 6 min read
Phishing Scams

Phishing Scams: What Actually Works to Stop Them

In January 2024, a finance worker at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started with what every phishing scam starts

Carl B. Johnson Jul 23, 2024 8 min read
Is It Legit

Removed App: Is It Legit or a Security Risk?

Every week, someone on my team flags a new app or service that employees are asking about. "Hey, is this legit?" It's the single most common security question I hear — and for good reason. The FTC reported over $10 billion in consumer fraud losses in 2023,

Carl B. Johnson Jul 23, 2024 6 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider social-engineered a help desk employee with a single phone call. The attackers had done their homework — they knew the employee's name, role, and enough personal detail to sound legitimate. That's not

Carl B. Johnson Jul 23, 2024 8 min read