Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

CEO Fraud

CEO Fraud Email Scam: How Attackers Steal Millions

In May 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes every CEO fraud email scam — caused adjusted losses exceeding $2.7 billion in 2022 alone. That made it the single most financially devastating cybercrime category the FBI tracks. Not ransomware.

Carl B. Johnson Jun 08, 2023 7 min read
Executive Phishing Attacks

Executive Phishing Attacks: Why the C-Suite Is Ground Zero

In January 2022, a European subsidiary of the Japanese manufacturer Nikkei lost $29 million after a single employee followed wire transfer instructions from a fraudulent email that impersonated a senior executive. That wasn't a failure of firewalls or endpoint detection. It was a surgical, well-researched executive phishing attack

Carl B. Johnson Jun 08, 2023 7 min read
Supply Chain Attack Examples

Supply Chain Attack Examples: 7 Breaches That Changed Security

In December 2020, security firm FireEye discovered that SolarWinds — a company most people had never heard of — had been compromised by a threat actor who injected malicious code into a routine software update. That single update shipped to roughly 18,000 organizations, including the U.S. Treasury, the Department of

Carl B. Johnson Jun 08, 2023 7 min read
Trojan Horse Malware

Trojan Horse Malware: How It Gets In and How to Stop It

In September 2022, Uber disclosed a breach that started with a single employee accepting a multi-factor authentication push notification they shouldn't have. The threat actor behind it — linked to the Lapsus$ group — had already compromised the employee's credentials. But the initial foothold? Social engineering and malware

Carl B. Johnson Jan 24, 2023 7 min read
DNS Spoofing

DNS Spoofing Attack: How Hackers Hijack Your Traffic

In April 2018, attackers hijacked the DNS servers used by MyEtherWallet and redirected users to a phishing site hosted in Russia. The entire attack lasted roughly two hours. In that window, victims lost around $17 million in cryptocurrency — simply because their browsers resolved a legitimate domain name to a malicious

Carl B. Johnson Jan 09, 2023 7 min read
Phishing

How to Spot a Phishing Email: 9 Red Flags That Matter

In March 2022, the Lapsus$ threat actor group breached Okta — a company literally in the business of identity security — by compromising a single employee through a social engineering campaign that started with phishing. If it can happen to an identity provider securing thousands of enterprises, it can happen to your

Carl B. Johnson Jan 09, 2023 8 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

A Single Email Cost This Company $121 Million In 2017, a Lithuanian man orchestrated a phishing scheme that tricked both Google and Facebook into wiring him over $121 million combined. He sent fake invoices from a spoofed email address impersonating a legitimate hardware vendor. Employees at two of the most

Carl B. Johnson Dec 25, 2022 7 min read
Medusa Ransomware

Medusa Ransomware Gang Phishing Campaigns Explained

A Ransomware Gang That Starts With Your Inbox In 2022, the Medusa ransomware gang emerged as one of the most aggressive threat actors targeting organizations through phishing campaigns. They don't kick down the front door — they walk through it with stolen credentials, harvested from carefully crafted phishing emails

Carl B. Johnson Dec 25, 2022 6 min read