Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that attackers used carefully crafted emails impersonating company executives to trick finance employees into wiring $46.7 million to overseas accounts. The attackers didn't exploit a software vulnerability. They exploited trust. That's spear

Carl B. Johnson May 21, 2026 5 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

One Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider called the MGM Resorts help desk, impersonated an employee found on LinkedIn, and convinced IT staff to reset credentials. The result: ten days of operational chaos, encrypted systems, and an estimated $100 million in

Carl B. Johnson May 20, 2026 5 min read
Phishing Links

What Is a Phishing Link? How to Spot One Fast

In March 2024, a finance employee at a Hong Kong multinational wired $25 million to threat actors after clicking a single link in what appeared to be a routine email from the company's CFO. That link led to a deepfake video call — but it started with something deceptively

Carl B. Johnson May 18, 2026 6 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million in a single business email compromise attack. The attacker didn't blast out a million generic emails. They researched one finance executive, crafted one convincing message, and walked away with the money. That&

Carl B. Johnson May 17, 2026 5 min read
Spoofing Caller

Spoofing Caller Attacks: How Criminals Fake Numbers

The IRS Call That Cost a Hospital $1.5 Million A CFO at a mid-sized hospital picked up the phone. The caller ID showed the IRS main line. The voice on the other end was professional, urgent, and specific — citing the organization's actual EIN and a pending audit.

Carl B. Johnson May 17, 2026 5 min read
Insider Threat Awareness

Insider Threat Awareness: What Most Companies Miss

The Threat Already Inside Your Network In 2023, Tesla disclosed that two former employees had leaked the personal data of more than 75,000 workers to a German news outlet. It wasn't a sophisticated hack. It wasn't a nation-state threat actor. It was people who already

Carl B. Johnson May 17, 2026 5 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

The Email That Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million in a single business email compromise attack. A threat actor impersonated a senior executive, convinced a finance employee to change wire transfer details, and the money vanished. That attack started with something deceptively simple

Carl B. Johnson May 15, 2026 5 min read
DNS Spoofing

DNS Spoofing Attack: How Hackers Redirect Your Traffic

In April 2024, researchers at Akamai discovered a massive DNS hijacking campaign targeting financial institutions across Southeast Asia. Attackers poisoned DNS caches at the ISP level, silently redirecting thousands of banking customers to pixel-perfect phishing sites. Victims entered their credentials on pages that looked identical to their bank's

Carl B. Johnson May 14, 2026 5 min read
Insider Threats

Malicious Insider vs Negligent Insider: The Real Threat

One Employee Stole Data. The Other Just Clicked a Link. Both Cost Millions. In 2022, a former Amazon employee was convicted for her role in the Capital One breach that exposed over 100 million customer records. That same year, the Verizon Data Breach Investigations Report found that 82% of breaches

Carl B. Johnson May 13, 2026 5 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Attacks

In March 2024, a finance employee at a multinational firm wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. The attack started with a single phishing email. That one message opened the door to a loss most companies would never recover

Carl B. Johnson May 13, 2026 5 min read