Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Gmail Phishing Attacks

Gmail Sophisticated Attacks: FBI Phishing Warnings in 2021

In March 2021, Google disclosed that it blocks more than 100 million phishing emails daily — and Gmail remains the single largest target for sophisticated credential theft campaigns worldwide. The FBI's Internet Crime Complaint Center (IC3) reported that phishing was the number one crime type by victim count in

Carl B. Johnson Aug 24, 2021 7 min read
Phishing

Phishing Attacks in 2021: What Actually Works to Stop Them

36% of All Breaches Start With a Phishing Email The 2021 Verizon Data Breach Investigations Report made something painfully clear: phishing was involved in 36% of all confirmed data breaches — up from 25% the year before. That's not a trend. That's an escalation. And if your

Carl B. Johnson Aug 18, 2021 7 min read
Fake Mail

Fake Mail: How to Spot and Stop Phishing Attacks

91% of Cyberattacks Start With Fake Mail That's not a guess. The Verizon 2021 Data Breach Investigations Report confirmed that phishing was present in 36% of breaches — up from 25% the year before. And when you broaden the lens to include all forms of social engineering delivered through

Carl B. Johnson Aug 18, 2021 7 min read
Vishing

FBI Warning on Vishing and Smishing: What to Do Now

In January 2020, the FBI and CISA issued a joint advisory warning organizations about a wave of vishing attacks targeting remote workers. By mid-2021, the problem has only gotten worse. The FBI's Internet Crime Complaint Center (IC3) reported over 240,000 phishing, vishing, and smishing complaints in 2020

Carl B. Johnson Aug 18, 2021 7 min read
Phishing Scams

What Is a Phishing Scam? Anatomy of the #1 Cyber Threat

In July 2021, a single phishing email gave attackers access to an employee's credentials at a Florida-based managed service provider, ultimately cascading into the massive Kaseya VSA supply-chain ransomware attack that hit over 1,500 businesses worldwide. One email. One click. Billions in damages. If you've

Carl B. Johnson Aug 18, 2021 7 min read
Fake Emails

Fake Emails: How to Spot Them Before They Cost You

In March 2021, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — the sophisticated cousin of fake emails — caused over $1.8 billion in losses during 2020 alone. That made it the costliest category of cybercrime they tracked. Not ransomware. Not credit card fraud. Fake emails

Carl B. Johnson Aug 15, 2021 7 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Breach Networks

The FakeEmail That Cost One Company $75 Million In 2020, the FBI's Internet Crime Complaint Center reported that business email compromise — attacks built on fakeemail techniques — generated over $1.8 billion in losses in a single year. That made it the costliest category of cybercrime, beating ransomware by

Carl B. Johnson Aug 15, 2021 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

In January 2021, a wave of PayPal phishing attacks hit inboxes so convincingly that even security-savvy professionals did a double take. The emails replicated PayPal's branding pixel-for-pixel, warned of "unusual activity" on the recipient's account, and linked to a login page hosted on a

Carl B. Johnson Aug 15, 2021 7 min read
Removed Legitimate Software

Removed Legitimate Software: A Hidden Attack Vector

When Trusted Tools Become Trojan Horses In April 2021, security researchers at Kaspersky documented a campaign where threat actors took software that had been removed legitimate from vendor websites — discontinued, deprecated, or pulled due to vulnerabilities — and repackaged it with embedded malware. The attackers then hosted these poisoned versions on

Carl B. Johnson Aug 08, 2021 7 min read