Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Phishing

Define Phishing: What It Really Looks Like in 2024

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25.6 million to criminals after attending a deepfake video call where every other "participant" — including the CFO — was an AI-generated impersonation. That single incident redefines what phishing looks like today. If you still

Carl B. Johnson Jul 16, 2024 7 min read
Fake Identity Website

Fake Identity Website Threats: How to Spot and Stop Them

The Fake Identity Website That Fooled an Entire HR Department Earlier this year, an HR team at a mid-size logistics company received a job application that checked every box. The resume was polished, the LinkedIn profile looked legitimate, and the applicant's personal website — showcasing a portfolio and professional

Carl B. Johnson Jul 16, 2024 7 min read
Fake Mailer

Fake Mailer Attacks: How Threat Actors Spoof Emails

In January 2024, a finance director at a mid-sized logistics company wired $740,000 to a bank account in Hong Kong. The email requesting the transfer appeared to come from the CEO's exact email address — correct display name, correct domain, correct signature block. It wasn't the

Carl B. Johnson Jul 13, 2024 7 min read
Security of Cyberspace

Security of Cyberspace: What Actually Works in 2024

A $12.5 Billion Problem Nobody Can Ignore The FBI's Internet Crime Complaint Center reported $12.5 billion in losses from cybercrime in 2023 — a 22% increase from the prior year. That number represents real money stolen from real organizations, many of whom believed they had adequate defenses.

Carl B. Johnson Jul 10, 2024 7 min read
Cybersecurity Definition

Cybersecurity Definition: What It Really Means in 2024

In March 2024, a ransomware attack on Change Healthcare — one of the largest health payment processors in the U.S. — disrupted claims processing for pharmacies and hospitals nationwide. Patients couldn't fill prescriptions. Providers couldn't get paid. A single breach paralyzed a massive chunk of American healthcare

Carl B. Johnson May 13, 2024 7 min read
Phishing Psychology

How Phishing Emails Work: The Psychology Behind the Click

A Single Click Cost One Company $100 Million In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing but phishing emails. No zero-day exploits. No advanced malware. Just carefully crafted messages that exploited human psychology. If you want to

Carl B. Johnson May 03, 2024 8 min read
Phishing Training for Employees

Phishing Training for Employees: A Practical Guide

In March 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. One employee. One convincing lure. Twenty-five million dollars gone. That's not a hypothetical — it'

Carl B. Johnson May 03, 2024 7 min read
Phishing Email Detection

How to Recognize a Phishing Email Before You Click

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors — all because of a phishing email that led to a deepfake video call. That incident made global headlines, but here's what didn't: the thousands of nearly identical

Carl B. Johnson May 03, 2024 7 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Breaches That Cost Millions

One Email Cost This Company $100 Million In 2019, Toyota Boshoku Corporation — a major Toyota parts supplier — lost $37 million after an employee wired funds to a fraudster posing as a legitimate business partner. That same year, Nikkei's American subsidiary lost $29 million to a nearly identical scheme.

Carl B. Johnson May 03, 2024 7 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets You Hacked

In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. That attack didn't start with a mass spam blast. It started with a carefully researched, individually targeted spear phishing email.

Carl B. Johnson May 02, 2024 6 min read