Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In December 2020, the world learned that SolarWinds — a company whose software sat inside thousands of government and corporate networks — had been compromised by a sophisticated nation-state threat actor. The initial intrusion vector? Targeted, carefully crafted communications designed to exploit trust. If you're asking what is spear phishing,

Carl B. Johnson Jul 01, 2021 8 min read
Phishing

Define Phishing: What It Really Looks Like in 2021

In March 2021, a single phishing email led to the compromise of over 30,000 U.S. organizations through the Microsoft Exchange Server vulnerabilities. The attackers didn't need a sophisticated zero-day to get their initial foothold — they needed someone to click. If you're trying to define

Carl B. Johnson Jul 01, 2021 7 min read
Fake Mailer

Fake Mailer Attacks: How Threat Actors Spoof Emails

In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — often launched using a fake mailer or spoofing tool — cost American organizations over $1.8 billion in 2020 alone. That made it the most financially damaging cybercrime category in the entire IC3 report, dwarfing

Carl B. Johnson Jul 01, 2021 7 min read
Cyber Security

Cyber Security in 2021: What Actually Stops Breaches

Colonial Pipeline. JBS Foods. SolarWinds. The first half of 2021 has delivered a masterclass in what happens when cyber security fails at scale. Colonial paid $4.4 million in ransom. JBS paid $11 million. And the SolarWinds fallout — which compromised nine federal agencies and over 100 private companies — is still

Carl B. Johnson Jul 01, 2021 7 min read
Security of Cyberspace

Security of Cyberspace: What Actually Works in 2021

The Colonial Pipeline ransomware attack in May 2021 shut down fuel delivery across the U.S. East Coast for nearly a week. Gas stations ran dry. Panic buying erupted. A single compromised password — reportedly linked to an inactive VPN account without multi-factor authentication — brought critical infrastructure to its knees. If

Carl B. Johnson Jun 03, 2021 6 min read
Cybersecurity Definition

Cybersecurity Definition: What It Really Means in 2021

Colonial Pipeline just paid a $4.4 million ransom to get its systems back online, shutting down fuel delivery across the U.S. East Coast for nearly a week. If you searched for a cybersecurity definition expecting a clean, academic sentence, this incident should tell you everything textbooks leave out.

Carl B. Johnson May 18, 2021 6 min read
Phishing Emails

How Phishing Emails Work: The Psychology Behind the Click

A Pipeline Went Dark — Because One Person Clicked On May 7, 2021, Colonial Pipeline — the largest fuel pipeline in the United States — shut down operations after a ransomware attack. The disruption caused fuel shortages across the southeastern U.S. and triggered panic buying. While the full forensic details are still

Carl B. Johnson May 13, 2021 7 min read
Phishing Awareness Training

Phishing Awareness Training: What Actually Works in 2021

On May 7, 2021 — less than a week ago — Colonial Pipeline shut down 5,500 miles of fuel infrastructure after a ransomware attack that started with a single compromised credential. One password. No multi-factor authentication. An entire region's fuel supply disrupted. This is the kind of incident that

Carl B. Johnson May 13, 2021 7 min read
Phishing Attack Examples

Phishing Attack Examples: Real Incidents That Cost Millions

A Single Email Cost This Company $100 Million In 2019, a Lithuanian man named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than phishing emails. He impersonated a legitimate hardware vendor, sent fake invoices, and both tech giants paid up — for years.

Carl B. Johnson May 04, 2021 7 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets You Hacked

In 2020, Twitter lost control of 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — because a 17-year-old used spear phishing to trick a handful of Twitter employees into handing over internal credentials. The attackers didn't blast a million inboxes with a generic "Your account has

Carl B. Johnson May 04, 2021 6 min read