Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Spoofing Caller

Spoofing Caller Attacks: How to Detect and Stop Them

The Phone Call That Cost One Company $23.5 Million In 2024, a finance executive at a multinational firm in Hong Kong joined a video call with what appeared to be the company's CFO and several colleagues. Every face on screen was a deepfake. The voice on the

Carl B. Johnson Apr 01, 2019 7 min read
Phishing Links

What Is a Phishing Link? How to Spot and Stop Them

Last year, a finance director at a mid-sized logistics company clicked a link in what looked like a DocuSign notification. Fourteen seconds later, a threat actor had her Microsoft 365 credentials. Within two hours, the attacker had redirected a $380,000 wire transfer to an overseas account. The link she

Carl B. Johnson Apr 01, 2019 7 min read
Spoofing

What Is Spoofing? The Attack Behind Most Breaches

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints related to phishing and spoofing — making it the number one reported cybercrime category for the fifth year running. That wasn't a fluke. Spoofing is the backbone of almost every major social engineering campaign

Carl B. Johnson Apr 01, 2019 7 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported over $12.5 billion in losses from internet crime — a staggering 22% increase from the year before. Behind many of these losses weren't lone hackers in basements. They were organized groups running coordinated group online svindel

Carl B. Johnson Apr 01, 2019 7 min read
Phishing News

Phishing News: The Attacks Reshaping 2026 Security

A Single Phishing Email Just Cost a Healthcare System $65 Million If you follow phishing news, you already know the headlines keep getting worse. Change Healthcare's 2024 breach — triggered by compromised credentials and the absence of multi-factor authentication — led to a reported $22 billion disruption across the U.

Carl B. Johnson Mar 20, 2019 7 min read
Is It Legit

Removed App: Is It Legit or a Security Risk?

When "Removed" Shows Up and You Don't Know Why Last month, a colleague forwarded me a screenshot from their phone. An app called "Removed" appeared in their app list, and they had no memory of installing it. Their first instinct was to Google "

Carl B. Johnson Mar 20, 2019 6 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that threat actors used spear phishing emails to impersonate executives and trick finance staff into wiring $46.7 million to overseas accounts. They eventually recovered some funds, but the damage was done. That wasn't a

Carl B. Johnson Mar 20, 2019 8 min read
Fake Identity Website

Fake Identity Website Threats: How to Spot and Stop Them

A Single Fake Identity Website Took Down a $200M Company's Reputation In 2023, the FBI's IC3 received over 880,000 complaints with potential losses exceeding $12.5 billion — and identity-related fraud was the single fastest-growing category. A huge chunk of that fraud starts at a fake

Carl B. Johnson Mar 20, 2019 7 min read
Fake Mailer

Fake Mailer Attacks: How Threat Actors Spoof Email

In March 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — much of it powered by spoofed sender addresses — cost victims over $2.9 billion in a single year. Behind many of those attacks sits a deceptively simple weapon: a fake mailer. These tools let

Carl B. Johnson Mar 10, 2019 7 min read