Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Securing Remote Employees

Securing Remote Employees: A Practical Guide for 2026

In 2023, a single remote employee at a major casino operator received a phone call from someone claiming to be IT support. That social engineering attack — a vishing call lasting roughly ten minutes — gave threat actors the foothold they needed to deploy ransomware across MGM Resorts' entire network, causing

Carl B. Johnson Sep 28, 2019 8 min read
Cybersecurity for Law Firms

Cybersecurity for Law Firms: A Practical Defense Guide

Why Threat Actors Treat Law Firms Like ATMs In 2023, the international law firm Bryan Cave Leighton Paisner disclosed a breach that exposed the personal data of over 51,000 individuals — including clients of major corporations like Mondelēz. That same year, an Am Law 100 firm paid a multimillion-dollar ransom

Carl B. Johnson Sep 10, 2019 7 min read
Cybersecurity for Nonprofits

Cybersecurity for Nonprofits: A Practical Defense Guide

The Breach That Cost a Children's Charity Everything In 2023, Save the Children International confirmed it was hit by the BianLian ransomware group, which claimed to have stolen nearly 7 GB of data including financial records, personal information, and medical data. A global nonprofit with substantial resources still

Carl B. Johnson Sep 10, 2019 6 min read
Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now Target #1

The Text Message That Cost a Company $15 Million In 2022, Twilio disclosed a breach that started with a simple SMS message. Employees received text messages impersonating the IT department, directing them to a fake login page. Several entered their credentials. That single vector — mobile phishing attacks delivered via text

Carl B. Johnson Sep 08, 2019 7 min read
Tailgating Attack

Tailgating Attack Cybersecurity: Stop the Walk-In Breach

In 2019, a penetration tester hired by the state of Iowa walked into a locked courthouse after hours by simply following an employee through a secure door. He was arrested — even though the state had authorized the test. The incident made national headlines and exposed a painful truth: your firewalls,

Carl B. Johnson Sep 01, 2019 7 min read
Clean Desk Policy

Clean Desk Policy Cybersecurity: Why It Still Matters

The Unlocked Filing Cabinet That Cost a Hospital $3 Million In 2019, the Office for Civil Rights fined Bayfront Health St. Petersburg $85,000 for a breach involving paper records left in an unsecured location. That was a small settlement. I've seen organizations lose far more when a

Carl B. Johnson Sep 01, 2019 7 min read
Cybersecurity for Executives

Cybersecurity for Executives: What the C-Suite Gets Wrong

The CEO Who Clicked the Link In 2024, the SEC charged SolarWinds' CISO with fraud and internal control failures tied to the massive breach that compromised federal agencies and Fortune 500 companies. That case sent shockwaves through every boardroom in America — not because of the technical details, but because

Carl B. Johnson Aug 20, 2019 7 min read
CEO Fraud

CEO Fraud Email Scam: How Attackers Steal Millions

A Single Email Cost This Company $47 Million In 2015, Ubiquiti Networks disclosed that threat actors used a CEO fraud email scam to trick finance employees into wiring $46.7 million to overseas accounts controlled by attackers. The emails looked like routine requests from senior executives. No malware was involved.

Carl B. Johnson Aug 20, 2019 8 min read