Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Whaling Attack

Whaling Attack Cybersecurity: How CEOs Get Hooked

In 2016, an employee at Austrian aerospace firm FACC wired $47 million to a bank account controlled by criminals — because an email that looked like it came from the CEO told them to. The CEO was fired. The CFO was fired. The company's stock tanked. That single email

Carl B. Johnson Apr 22, 2022 7 min read
Smishing Attacks

Smishing Attack Examples: Real Texts That Stole Millions

In February 2022, the FBI warned that Americans lost over $68 million to smishing and vishing scams in a single year — and that number only counted what victims actually reported to the FBI's IC3. The real figure is almost certainly multiples higher. I've spent the last

Carl B. Johnson Apr 22, 2022 8 min read
Vishing Scam Awareness

Vishing Scam Awareness: Stop Voice Phishing Cold

In July 2020, a teenager and two accomplices called Twitter employees, posed as IT staff, and convinced them to hand over internal credentials. Within hours, they'd hijacked 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and ran a Bitcoin scam that netted over $100,000 in

Carl B. Johnson Apr 21, 2022 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In March 2022, the Lapsus$ threat actor group breached Okta by socially engineering a third-party support contractor. No malware. No zero-day exploit. Just a human being who got manipulated. The breach potentially affected hundreds of Okta's enterprise customers, and it started with the simplest attack vector there is

Carl B. Johnson Apr 04, 2022 7 min read
Pretexting Attacks

Pretexting Attack Examples: Real Scams That Fool Smart People

In 2020, a teenager convinced a Twitter employee he was a co-worker from the IT department. That single phone call led to the compromise of 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and a Bitcoin scam that netted over $100,000 in hours. The attack wasn'

Carl B. Johnson Apr 04, 2022 7 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: What Actually Works

The 82% Problem Nobody Wants to Own The 2022 Verizon Data Breach Investigations Report found that 82% of breaches involved a human element — phishing, stolen credentials, misuse, or simple error. That number has barely budged in years. And yet most organizations still treat cybersecurity awareness training as a checkbox exercise:

Carl B. Johnson Apr 04, 2022 8 min read
Cybersecurity Training for Employees

Cybersecurity Training for Employees: A Practical Guide

In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Microsoft, Nvidia, Samsung, and Okta. They didn't use sophisticated zero-day exploits. They used social engineering. They bought credentials. They tricked employees. And they walked through the front door of some of the most well-resourced security

Carl B. Johnson Apr 04, 2022 6 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Okta, Microsoft, Samsung, and Nvidia in rapid succession. Their primary weapon wasn't a sophisticated zero-day exploit. It was employee cybersecurity training failures: stolen credentials, SIM swapping, and social engineering attacks that targeted the humans sitting

Carl B. Johnson Apr 04, 2022 7 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2022

One Click Cost This Company Everything In March 2022, a single employee at Nvidia clicked something they shouldn't have. The Lapsus$ threat actor group walked away with over a terabyte of proprietary data, including employee credentials and source code. Nvidia isn't a small shop with weak

Carl B. Johnson Apr 04, 2022 7 min read