Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Social Engineering

How to Spot Social Engineering Before It Costs You

In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call where every other participant — including the CFO — was a deepfake. The attackers had studied publicly available footage, cloned voices and faces, and orchestrated an elaborate social engineering attack that

Carl B. Johnson Apr 07, 2024 7 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the payment. No malware. No zero-day exploit. Just a well-trained employee who wasn't trained well enough. That incident

Carl B. Johnson Mar 24, 2024 7 min read
Security Awareness Training Program

Security Awareness Training Program: Build One That Works

In January 2024, Microsoft disclosed that a Russian threat actor group — Midnight Blizzard — had breached executive email accounts using a simple password spray attack against a legacy test account that lacked multi-factor authentication. One of the most technically sophisticated companies on the planet, compromised by one of the oldest tricks

Carl B. Johnson Mar 24, 2024 8 min read
Cybersecurity Awareness Month

Cybersecurity Awareness Month: What Actually Works

October Ends. The Phishing Emails Don't. Every October, organizations plaster break rooms with cybersecurity posters, blast out a few reminder emails, and call it a win. Then November rolls around, and the same employees click the same malicious links. I've watched this cycle repeat for over

Carl B. Johnson Feb 28, 2024 7 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: Why "Free" Costs More

In January 2024, Microsoft disclosed that the Russian threat actor group Midnight Blizzard had breached corporate email accounts — not through some exotic zero-day exploit, but through a password spray attack on a legacy test account that lacked multi-factor authentication. One of the most well-resourced technology companies on the planet got

Carl B. Johnson Feb 28, 2024 7 min read
Data Breach

What Causes a Data Breach: 7 Root Causes Behind Every Attack

In September 2023, MGM Resorts International lost an estimated $100 million after a threat actor social-engineered a help desk employee with a single phone call. One conversation. That's all it took to cripple slot machines, hotel check-in systems, and digital room keys across Las Vegas for over a

Carl B. Johnson Jan 22, 2024 7 min read
Data Breach Examples

Data Breach Examples: What 2024 Trends Tell Us

The Breach That Cost MGM Resorts Over $100 Million In September 2023, a threat actor called Scattered Spider brought MGM Resorts to its knees — not with some exotic zero-day exploit, but with a phone call. A social engineering attack against the company's IT help desk gave attackers the

Carl B. Johnson Jan 22, 2024 7 min read