Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Pretexting Attacks

Pretexting Attack Examples: Real Scams That Bypass Security

In 2020, a teenager and two accomplices convinced a Twitter employee they were from the company's IT department. That single phone call gave them access to internal tools, which they used to hijack 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — netting over $100,

Carl B. Johnson Apr 12, 2021 7 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: What Actually Works

In March 2021, a single employee at a water treatment plant in Oldsmar, Florida, watched someone remotely take control of their screen and attempt to increase sodium hydroxide levels to dangerous concentrations. The attacker got in through a shared TeamViewer password. No advanced exploit. No zero-day. Just poor cybersecurity awareness

Carl B. Johnson Apr 12, 2021 6 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In December 2020, FireEye disclosed one of the most sophisticated supply chain attacks in history — the SolarWinds breach. Threat actors compromised a trusted software update, slipping past automated defenses at over 18,000 organizations including multiple U.S. government agencies. But here's the detail that gets buried: investigators

Carl B. Johnson Apr 02, 2021 7 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees: A 2021 Guide

The Click That Cost One Company $46 Million In 2020, Ubiquiti Networks disclosed a breach that started with a single employee's compromised credentials. Attackers impersonated company executives, manipulated employees through social engineering, and walked away with $46.7 million in fraudulent wire transfers. The technology was fine. The

Carl B. Johnson Apr 02, 2021 8 min read
Cybersecurity Training

How to Train Employees on Cybersecurity That Sticks

In December 2020, a SolarWinds employee reportedly used the password "solarwinds123" on an update server — a detail that surfaced during Congressional hearings about one of the most devastating supply chain attacks in history. Thousands of organizations, including multiple U.S. government agencies, were compromised. The root cause wasn&

Carl B. Johnson Apr 02, 2021 7 min read
Cybersecurity Awareness Month

Cybersecurity Awareness Month: What Actually Works

One Month Won't Save You — But It Can Start Something That Does In October 2020, during Cybersecurity Awareness Month, a major hospital chain — Universal Health Services — was fighting off one of the largest ransomware attacks in U.S. healthcare history. The Ryuk ransomware hit over 400 facilities. Staff

Carl B. Johnson Apr 02, 2021 6 min read