Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Phishing Attack

Phishing Attack Anatomy: How Breaches Really Start

In March 2022, threat actor group Lapsus$ breached Okta by compromising a single support engineer's laptop — an attack chain that started with social engineering and credential theft. One employee. One set of stolen credentials. And suddenly, a company trusted by thousands of organizations to manage authentication was scrambling

Carl B. Johnson Sep 04, 2022 7 min read
Phishing News

Phishing News: The Attacks Dominating 2022 So Far

In August 2022, Twilio disclosed that a sophisticated phishing campaign had compromised employee credentials and exposed data tied to over 130 organizations — including the encrypted messaging giant Signal. A month earlier, a massive phishing operation dubbed "0ktapus" by researchers at Group-IB had already hit over 130 companies. If

Carl B. Johnson Sep 04, 2022 6 min read
Phishing Scams

Phishing Scams: What Actually Works to Stop Them

In March 2022, the threat actor group Lapsus$ breached Okta, Microsoft, and Samsung — not through some sophisticated zero-day exploit, but through phishing scams and social engineering that tricked employees into handing over credentials. A group reportedly led by teenagers compromised some of the largest technology companies on the planet. If

Carl B. Johnson Sep 04, 2022 7 min read
Is It Legit

Removed App: Is It Legit or a Security Risk?

Every week, I get emails from readers asking the same type of question: "I found this app called Removed — is it legit?" Sometimes it's Removed, sometimes it's another obscure app that popped up in a search result, an ad, or a text message from

Carl B. Johnson Aug 23, 2022 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Big Breaches

In March 2022, the FBI warned that business email compromise — a category dominated by spear phishing — cost victims over $2.4 billion in 2021 alone, making it the most financially damaging cybercrime category in the FBI IC3 Annual Report. That number dwarfs ransomware losses. So what is spear phishing, exactly,

Carl B. Johnson Aug 23, 2022 8 min read
Phishing

Define Phishing: What It Really Looks Like in 2022

In March 2022, threat actors used a single phishing email to breach Okta through a third-party contractor — potentially impacting hundreds of enterprise customers downstream. The attack didn't exploit some exotic zero-day. It exploited a human being who clicked a link. If you're here to define phishing,

Carl B. Johnson Aug 23, 2022 6 min read
Fake Identity Website

Fake Identity Website Threats: How Criminals Steal Data

That Login Page Isn't Real — And Your Employees Can't Tell In March 2022, the FBI warned that cybercriminals were registering domains impersonating well-known businesses at an alarming rate. The scam is straightforward: build a fake identity website that mirrors a legitimate login page, blast phishing emails

Carl B. Johnson Aug 23, 2022 7 min read
Cyber Security Definition

Cyber Security Definition: What It Really Means in 2022

Costa Rica declared a national emergency in May 2022 after the Conti ransomware gang crippled 27 government institutions. Tax systems went offline. Foreign trade ground to a halt. An entire country — not just a company — was brought to its knees by a cyberattack. If you think the cyber security definition

Carl B. Johnson Jun 27, 2022 7 min read
Phishing Emails

How Phishing Emails Work: The Psychology Behind the Click

A Single Email Cost This Company $121 Million In 2019, a Lithuanian man was sentenced to five years in prison for phishing Google and Facebook out of over $121 million. His method wasn't a zero-day exploit or cutting-edge malware. It was emails. Carefully crafted, psychologically precise emails that

Carl B. Johnson May 26, 2022 7 min read
Phishing Awareness Training

Phishing Awareness Training: Why 82% of Breaches Start Here

The 2022 Verizon Data Breach Investigations Report landed last month, and one number should keep every business owner awake at night: 82% of breaches involved the human element. Phishing, stolen credentials, pretexting, human error — threat actors aren't picking locks. They're asking your employees to hold the

Carl B. Johnson May 26, 2022 7 min read