Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now Target #1

Your Employees' Phones Are Under Siege In March 2024, MGM Resorts was still reeling from one of the most expensive social engineering attacks in corporate history — one that started with a phone call, not an email. That incident cost the company over $100 million. And it's not

Carl B. Johnson May 04, 2026 6 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

One Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee found on LinkedIn, and gained access to the company's entire network. The result: over $100 million in losses, days of disrupted operations,

Carl B. Johnson May 03, 2026 6 min read
Phishing

Phishing Attacks in 2026: What Actually Works to Stop Them

The Typo That Costs Billions: Why "Phising" Lands You Here Here's something I find fascinating — "phising" is one of the most commonly misspelled cybersecurity terms on the internet. If you searched for it, you're in exactly the right place. Phishing (with the

Carl B. Johnson May 02, 2026 6 min read
Cyber Security

Cyber Security in 2026: What Actually Works Now

The Breach That Changed How I Think About Cyber Security In February 2024, Change Healthcare suffered a ransomware attack that disrupted insurance claims processing for millions of Americans. UnitedHealth Group confirmed paying a $22 million ransom. The attack vector? Stolen credentials on a system that lacked multi-factor authentication. One missing

Carl B. Johnson May 02, 2026 5 min read
Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

A Poster on the Breakroom Wall Never Stopped a Breach In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, impersonated an employee found on LinkedIn, and talked their way into the network. No zero-day exploit. No nation-state malware. Just a phone call.

Carl B. Johnson Apr 30, 2026 5 min read
Data Breach

What Causes a Data Breach: 7 Root Causes in 2026

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called a help desk, impersonated an employee found on LinkedIn, and talked their way into the network. No zero-day exploit. No nation-state tooling. Just a phone call. If you want to understand what causes a data breach,

Carl B. Johnson Apr 30, 2026 5 min read
Phishing Attack Examples

Phishing Attack Examples: Real Incidents That Cost Millions

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past an IT help desk — with a single phone call. That one interaction led to a ransomware attack that shut down slot machines, hotel check-ins, and digital key cards across Las

Carl B. Johnson Apr 29, 2026 5 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that threat actors used carefully crafted emails — impersonating executives — to trick finance employees into wiring $46.7 million to overseas accounts. That wasn't a mass spam campaign. It was spear phishing: a surgical, researched, devastatingly

Carl B. Johnson Apr 28, 2026 6 min read
Spoofing

Spoofing Attacks: How Hackers Impersonate Your Trust

The CEO Who Wired $47 Million to a Criminal In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after threat actors spoofed the CEO's email and instructed a finance employee to wire funds for a fake acquisition. The employee believed the request was legitimate. The

Carl B. Johnson Apr 27, 2026 5 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

Your Employees Are the Breach — 68% of the Time The 2024 Verizon Data Breach Investigations Report found that 68% of breaches involved a non-malicious human element — someone clicked a phishing link, reused a password, or misconfigured a system. That number has held stubbornly steady for years. If you're

Carl B. Johnson Apr 26, 2026 5 min read