Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now Target #1

Your Employees' Phones Are the Weakest Link Right Now In September 2021, Lookout reported that mobile phishing attacks had surged 161% since 2020. That's not a typo. The device your employees carry everywhere — the one they check 96 times a day — has become the primary attack surface

Carl B. Johnson Dec 18, 2021 7 min read
USB Drive Security Risks

USB Drive Security Risks: The Threat Already on Your Desk

A Parking Lot Full of Malware In 2016, researchers at the University of Illinois dropped 297 USB drives across a campus. Nearly 48% were picked up and plugged into a computer. Some were plugged in within six minutes of being dropped. That study still haunts me because the fundamental behavior

Carl B. Johnson Dec 18, 2021 7 min read
Tailgating Attack

Tailgating Attack Cybersecurity: The Threat at Your Door

In September 2019, a Chinese national named Yujing Zhang walked past security at Mar-a-Lago carrying a thumb drive loaded with malware. She told the front desk she was there to use the pool. That's tailgating — and it nearly compromised one of the most secured private facilities in the

Carl B. Johnson Dec 18, 2021 7 min read
Shoulder Surfing Attack

Shoulder Surfing Attack: The Low-Tech Threat You Ignore

A $10 Pair of Binoculars Can Beat Your $10 Million Security Budget In 2018, a researcher at a security conference demonstrated how he captured over 100 passwords simply by watching people type at airport gates and coffee shops over a two-week period. No malware. No phishing emails. No zero-day exploits.

Carl B. Johnson Dec 18, 2021 7 min read
Clean Desk Policy

Clean Desk Policy Cybersecurity: Your Cheapest Defense

In March 2021, a UK-based financial firm was fined after a visitor photographed sensitive client data sitting on an employee's desk — in plain sight, during a routine office tour. No hacking tools. No zero-day exploit. Just a smartphone camera and a messy workstation. That's the reality

Carl B. Johnson Dec 18, 2021 7 min read
CEO Fraud Email Scam

CEO Fraud Email Scam: How to Stop It Cold

In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes every CEO fraud email scam — generated $1.8 billion in reported losses in 2020 alone. That made it the single most financially damaging cybercrime category in the entire IC3 report,

Carl B. Johnson Oct 01, 2021 7 min read
Identity Theft Protection

Identity Theft Protection for Businesses: A Field Guide

In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise and identity theft schemes cost U.S. organizations over $4.2 billion in 2020 alone — making it the single most expensive category of cybercrime. That number isn't slowing down. If you run

Carl B. Johnson Sep 16, 2021 7 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A No-Nonsense Guide

In May 2021, Colonial Pipeline paid a $4.4 million ransom after a single compromised password shut down fuel delivery across the U.S. East Coast. The post-incident reporting was filled with jargon — ransomware, threat actor, credential theft, attack vector — that left most non-technical readers glazing over. Here's

Carl B. Johnson Sep 16, 2021 7 min read