Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Spear Phishing

Spear Phishing: Why Targeted Attacks Bypass Your Defenses

In March 2022, the threat actor group Lapsus$ breached Okta by spear phishing a single support engineer at a third-party contractor. That one compromised account gave the attackers a foothold that ultimately affected roughly 366 Okta customers. Not a mass email blast. Not a Nigerian prince scam. One carefully researched,

Carl B. Johnson Oct 24, 2022 7 min read
Spoofing

Spoof Attacks: How Threat Actors Fake Their Way In

A Single Spoof Email Cost This Company $121 Million In 2019, Toyota Boshoku Corporation disclosed that a subsidiary lost $37 million after an attacker used a spoofed email to impersonate a senior executive and authorize a fraudulent wire transfer. That wasn't an isolated case. Business email compromise (BEC)

Carl B. Johnson Oct 24, 2022 7 min read
AI Phishing Attacks

FBI Warns Gmail Users of AI-Driven Phishing Attacks

The FBI Warns Gmail Users of Sophisticated AI-Driven Phishing Attacks — And Most People Aren't Ready Earlier this year, the FBI's Internet Crime Complaint Center (IC3) reported that phishing schemes — including business email compromise — accounted for over $2.7 billion in adjusted losses in 2021 alone. Now,

Carl B. Johnson Oct 24, 2022 7 min read
Gmail Phishing Attacks

Gmail Sophisticated Attacks: FBI Phishing Warnings for 2022

The FBI Is Warning Gmail Users — And Most People Aren't Listening In March 2022, the FBI's Internet Crime Complaint Center (IC3) released its annual report showing that phishing — including attacks targeting Gmail users specifically — generated more victim complaints than any other cybercrime category. Over 300,000

Carl B. Johnson Oct 24, 2022 7 min read
Phishing Email

Phishing Email Attacks: What Actually Works to Stop Them

In March 2022, threat actors used a single phishing email to breach Okta through a third-party contractor's account. The fallout? Hundreds of downstream customers suddenly questioning whether their own environments were compromised. One email. One click. A cascading trust crisis that made headlines for weeks. That's

Carl B. Johnson Oct 18, 2022 6 min read
Phishing

Phishing Attacks in 2022: What Actually Works to Stop Them

The Typo That Costs Billions: Why "Phising" Leads You to the Right Problem Here's something I find fascinating: "phising" is one of the most common misspellings in cybersecurity search queries. Thousands of people type it every day looking for information about phishing — the attack

Carl B. Johnson Oct 18, 2022 7 min read
Vishing

FBI Warning on Vishing and Smishing: What to Do Now

The FBI Warning on Vishing and Smishing You Can't Afford to Ignore In January 2022, the FBI released an advisory warning that criminals were increasingly using voice phishing (vishing) and SMS phishing (smishing) to steal credentials, drain bank accounts, and breach corporate networks. This wasn't a

Carl B. Johnson Oct 18, 2022 7 min read
Phishing Scams

What Is a Phishing Scam? A Security Pro's Real Guide

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing was the number one cybercrime type in 2021 — with over 323,000 complaints filed by victims in a single year. That number dwarfed every other category. If you've ever asked what is a phishing

Carl B. Johnson Sep 22, 2022 8 min read
Phishing Awareness

How to Spot Phishing Emails: 9 Red Flags That Matter

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing schemes were the most common cybercrime in 2021, with over 323,000 victims — more than double the count from 2019. That number is climbing again in 2022. If you're searching for how to spot

Carl B. Johnson Sep 22, 2022 7 min read