Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Phishing Prevention

How to Avoid Phishing Attacks: A Practical Guide

The Email That Cost One Company $37 Million In 2024, a finance employee at a multinational firm joined a video call with what appeared to be the company's CFO and several colleagues. Every face on that call was a deepfake. The employee authorized $25.6 million in transfers

Carl B. Johnson Jan 19, 2020 7 min read
Business Email Compromise

Business Email Compromise: The $2.9B Threat in 2026

One Invoice, One Email, $47 Million Gone In 2024, Orion Engineering lost $47 million to a single fraudulent wire transfer. The attacker didn't hack a firewall or exploit a zero-day. They compromised a vendor's email account, inserted themselves into an ongoing invoice thread, and changed the

Carl B. Johnson Jan 19, 2020 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that threat actors used spear phishing emails to impersonate executives and trick finance employees into wiring $46.7 million to overseas accounts. They eventually recovered some of it, but the damage was done. That wasn't

Carl B. Johnson Jan 19, 2020 7 min read
Whaling Attack

Whaling Attack Cybersecurity: How CEOs Get Hooked

A Single Email Cost This Company $46.7 Million In 2015, Ubiquiti Networks disclosed that threat actors impersonated senior executives and tricked employees into wiring $46.7 million to overseas accounts. The attackers didn't exploit a software vulnerability. They didn't deploy ransomware. They sent emails — carefully

Carl B. Johnson Jan 19, 2020 8 min read
Social Engineering Examples

Social Engineering Examples That Bypass Every Firewall

The Attack That Didn't Need a Single Line of Code In September 2022, an 18-year-old allegedly breached Uber's internal systems. The method wasn't a zero-day exploit or some sophisticated malware. It was a text message. The attacker bombarded an Uber contractor with multi-factor authentication

Carl B. Johnson Jan 09, 2020 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In January 2024, a finance employee at Arup — the engineering firm behind the Sydney Opera House — joined a video call with what appeared to be the company's CFO and several colleagues. Every face on the screen was a deepfake. By the time anyone realized what happened, the employee

Carl B. Johnson Jan 09, 2020 7 min read
Pretexting Attacks

Pretexting Attack Examples: Real Scams Costing Millions

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the company's IT help desk, impersonated an employee found on LinkedIn, and convinced a technician to reset credentials. The entire breach started with a phone call and a convincing story. That story — the fabricated

Carl B. Johnson Jan 09, 2020 7 min read
Cybersecurity Training for Employees

Cybersecurity Training for Employees: A 2026 Guide

The Breach That Started With a Single Click In January 2024, a finance department employee at a mid-size manufacturing firm opened what looked like a routine DocuSign notification. Within 72 hours, a threat actor had exfiltrated 1.2 million customer records and deployed ransomware across the company's entire

Carl B. Johnson Dec 14, 2019 7 min read