Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Phishing Email

Phishing Email Tactics in 2026: What Actually Works

Last year, a finance director at a mid-size logistics company wired $1.2 million to a threat actor who sent a single phishing email impersonating the CEO. The email contained no malware, no suspicious attachments, and no misspelled words. It simply asked for an urgent wire transfer, referenced a real

Carl B. Johnson Jun 12, 2019 7 min read
Phishing

Phishing Attacks in 2026: How to Spot and Stop Them

A Single Phishing Email Cost This Company $100 Million In 2024, the FBI's Internet Crime Complaint Center reported that phishing — often misspelled as "phising" — remained the most reported cybercrime category, with hundreds of thousands of complaints filed in a single year. But the raw numbers don&

Carl B. Johnson Jun 12, 2019 7 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of fake mail — caused adjusted losses exceeding $2.9 billion. That single category of email fraud outpaced every other cybercrime type in financial damage. And those are just the cases that got

Carl B. Johnson Jun 12, 2019 7 min read
Vishing

FBI Warning on Vishing and Smishing: What to Do Now

The FBI Warning on Vishing and Smishing You Can't Afford to Ignore In early 2024, the FBI's Internet Crime Complaint Center (IC3) flagged a sharp escalation in vishing and smishing campaigns targeting businesses and individuals across the United States. The 2023 IC3 Annual Report documented over

Carl B. Johnson Jun 12, 2019 7 min read
Phishing Scams

What Is a Phishing Scam? A Security Pro's Real Guide

The $4.88 Million Email That Looked Completely Normal In 2023, a finance employee at a midsize manufacturing firm received an email from what appeared to be the CEO. It referenced a real acquisition the company was working on. It used the CEO's actual email signature. The employee

Carl B. Johnson Jun 12, 2019 7 min read
Phish Food

Phish Food: What Threat Actors Serve Your Employees

Your Inbox Is a Buffet — and Attackers Are Feeding In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call to their help desk. The cost? Over $100 million in losses. The attacker didn't exploit a zero-day

Carl B. Johnson Apr 05, 2019 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Guide

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the most reported cybercrime for the fifth consecutive year. That number only accounts for what gets reported. The actual volume is staggering. So what is a phishing attack, and why does

Carl B. Johnson Apr 05, 2019 6 min read
Fake Emails

Fake Emails: How to Spot Them Before They Cost You

A Single Fake Email Cost This Company $37 Million In 2024, Japanese pharmaceutical giant Nikkei disclosed that a single employee wired approximately $29 million to a fraudulent account after receiving what appeared to be a legitimate email from a senior executive. They aren't alone. The FBI's

Carl B. Johnson Apr 05, 2019 7 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Breach Networks

A Single FakeEmail Cost One Company $37 Million In 2024, Orion SA, a Luxembourg-based steel trading company, disclosed it lost approximately $60 million after an employee was tricked by a business email compromise scheme using fraudulent email communications. That same year, the FBI's IC3 received over 21,000

Carl B. Johnson Apr 05, 2019 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

A Single PayPal Email Cost One Business Owner $68,000 I got the call on a Tuesday morning. A small business owner in Ohio had received what looked like a routine PayPal dispute notification. She clicked the link, entered her credentials, and within four hours, a threat actor had drained

Carl B. Johnson Apr 05, 2019 8 min read