Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Man in the Middle Attack

Man in the Middle Attack: How Hackers Steal Data

In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $120 million from Google and Facebook using a sophisticated man in the middle attack scheme. He impersonated a legitimate hardware vendor, intercepted invoice communications, and redirected payments to bank accounts he controlled. The scheme ran for two

Carl B. Johnson Jun 02, 2026 5 min read
Cybersecurity Training

How to Train Employees on Cybersecurity in 2026

The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They didn't crack an encryption

Carl B. Johnson Jun 01, 2026 5 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. And those are just the ones people actually reported. If you're asking what is phishing, you're asking the

Carl B. Johnson May 30, 2026 6 min read
Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now #1 Target

Your Employees' Phones Are the Weakest Link In March 2024, MGM Resorts was still dealing with the fallout of a social engineering attack that started with a simple phone call. But here's what most people missed in the post-incident analysis: the reconnaissance that made that attack possible

Carl B. Johnson May 29, 2026 5 min read
Fake Mail

Fake Mail: How Threat Actors Exploit Your Inbox in 2026

The $4.88 Million Problem Sitting in Your Inbox Right Now In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — essentially sophisticated fake mail — cost victims over $2.9 billion in a single year. That wasn't a spike. It was a trend.

Carl B. Johnson May 28, 2026 5 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, pretended to be an employee, and talked their way into a password reset. No malware. No zero-day exploit. Just a phone call and a convincing story. That single incident shut down slot machines,

Carl B. Johnson May 26, 2026 6 min read
Phish Tour

Phish Tour: Mapping the Anatomy of a Phishing Attack

Welcome to the Phish Tour: How a Single Email Becomes a Full-Blown Breach In March 2023, the FBI's IC3 received over 298,000 complaints related to phishing schemes — more than any other cybercrime category by a wide margin. That number has only climbed since. Yet most people still

Carl B. Johnson May 24, 2026 5 min read
Phishing Links

What Is a Phishing Link? How to Spot One Fast

In March 2024, a single phishing link in a spoofed Microsoft 365 email gave attackers access to the email accounts of several U.S. State Department employees. The link looked like a routine password-reset page. It wasn't. That one click led to weeks of unauthorized access before anyone

Carl B. Johnson May 23, 2026 5 min read
Phishing Awareness

How to Recognize a Phishing Email Before You Click

The Email That Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million in a single business email compromise attack. A threat actor impersonated a senior executive, sent a convincing email, and an employee wired the funds. No malware. No zero-day exploit. Just one phishing email that

Carl B. Johnson May 22, 2026 6 min read