Tag

Business Email Compromise

Analyzes business email compromise (BEC) scams where attackers impersonate executives or vendors to trick employees into transferring funds or sharing sensitive data. Covers detection methods, employee training approaches, and technical controls to prevent BEC attacks.

posts

PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Steals Millions

The Phishing Email That Came From PayPal's Own Servers In late 2024, security researchers at Avanan documented a campaign where threat actors sent phishing invoices through PayPal's actual invoicing system — meaning the emails passed SPF, DKIM, and DMARC checks flawlessly. The same tactic has since merged

Carl B. Johnson Jun 24, 2026 5 min read
Executive Phishing Attacks

Executive Phishing Attacks: Why the C-Suite Is Target #1

A Single Email Cost This Company $47 Million In 2016, Austrian aerospace firm FACC lost €42 million (roughly $47 million USD) after threat actors impersonated the CEO in a carefully crafted email to the finance department. The employee who wired the money believed they were following a direct executive order.

Carl B. Johnson Jun 17, 2026 6 min read
CEO Fraud Email Scam

CEO Fraud Email Scam: How Attackers Steal Millions

A Single Email Cost This Company $47 Million In 2016, FACC, an Austrian aerospace parts manufacturer, lost €42 million (roughly $47 million USD) after an employee wired funds based on instructions that appeared to come from the CEO. The email was fake. The money vanished into accounts controlled by threat

Carl B. Johnson Jun 16, 2026 6 min read
Business Email Compromise

Business Email Compromise: The $2.9B Threat in 2026

One Email Cost This Company $37 Million In 2024, Orion Engineering — a mid-size firm with 200 employees — wired $37 million to what they believed was a trusted overseas supplier. The invoice looked legitimate. The email thread was real. The bank details were the only thing that had changed. By the

Carl B. Johnson Jun 15, 2026 5 min read
Business Email Compromise

Business Email Compromise: The $2.9 Billion Threat

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported that business email compromise caused $2.9 billion in adjusted losses — making it the single most financially devastating cybercrime category they track. Not ransomware. Not credential theft rings. BEC. And that number only reflects what gets reported. I&

Carl B. Johnson Jun 11, 2026 5 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How Attackers Exploit Trust

A Legitimate Invoice From PayPal — That's Also a Scam In late 2024, security researchers at Avanan documented a campaign where threat actors sent real PayPal invoices to victims — not spoofed emails, not lookalike domains, but actual invoices generated through PayPal's own platform. The emails passed every

Carl B. Johnson Jun 09, 2026 5 min read
Fake Email

Fake Email: How to Spot, Stop, and Survive One

A Single Fake Email Cost Facebook and Google $100 Million Between 2013 and 2015, a Lithuanian man named Evaldas Rimasauskas sent a series of fake email messages to employees at Facebook and Google. He impersonated a legitimate hardware vendor, attached fraudulent invoices, and directed payments to bank accounts he controlled.

Carl B. Johnson Jun 03, 2026 6 min read
Fake Mail

Fake Mail: How Threat Actors Exploit Your Inbox in 2026

The $4.88 Million Problem Sitting in Your Inbox Right Now In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — essentially sophisticated fake mail — cost victims over $2.9 billion in a single year. That wasn't a spike. It was a trend.

Carl B. Johnson May 28, 2026 5 min read
Fake Email

Fake Email: How to Spot One Before It Costs You

In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than a series of fake email messages. He impersonated a legitimate hardware vendor, sent invoices from a lookalike domain, and two of the most technologically sophisticated companies on

Carl B. Johnson May 06, 2026 5 min read