Tag

Cybersecurity Awareness

Articles on cybersecurity awareness cover the foundational knowledge individuals and organizations need to recognize and respond to digital threats. Topics include safe browsing habits, password hygiene, social engineering tactics, and building a security-first culture across teams.

posts

DNS Spoofing Attack

DNS Spoofing Attack: How Hackers Hijack Your Traffic

In April 2018, attackers hijacked the DNS records for Amazon's Route 53 service, redirecting traffic meant for MyEtherWallet.com to a malicious server in Russia. Users who typed the correct URL into their browsers still landed on a fake site. Within two hours, attackers stole roughly $150,000

Carl B. Johnson Sep 03, 2021 7 min read
Phish Tour

Phish Tour: Simulate Real Attacks Before Hackers Do

One Click Cost Colonial Pipeline $4.4 Million In May 2021, a single compromised credential shut down the largest fuel pipeline in the United States. Colonial Pipeline paid a $4.4 million ransom to a threat actor group called DarkSide. The entry point wasn't some exotic zero-day exploit.

Carl B. Johnson Aug 25, 2021 7 min read
Spoofing

Spoofing Attacks: How Hackers Impersonate Trust

In July 2020, a seventeen-year-old in Florida used phone-based spoofing and social engineering to compromise internal Twitter tools, hijacking the verified accounts of Barack Obama, Elon Musk, Jeff Bezos, and Apple. The attackers impersonated IT staff during phone calls to Twitter employees, spoofing caller IDs to appear legitimate. Within hours,

Carl B. Johnson Aug 25, 2021 8 min read
Spoofing

Spoof Attacks: How Threat Actors Impersonate You

In July 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — overwhelmingly powered by spoof techniques — cost victims over $1.8 billion in 2020 alone. That made it the single most financially damaging category of cybercrime they tracked. Not ransomware. Not credential theft. Spoofing-driven impersonation.

Carl B. Johnson Aug 24, 2021 8 min read
Phishing

Phishing Attacks in 2021: What Actually Works to Stop Them

36% of All Breaches Start With a Phishing Email The 2021 Verizon Data Breach Investigations Report made something painfully clear: phishing was involved in 36% of all confirmed data breaches — up from 25% the year before. That's not a trend. That's an escalation. And if your

Carl B. Johnson Aug 18, 2021 7 min read
Spoofing

What Is Spoofing? The Attack Behind Most Breaches

In July 2020, attackers spoofed internal Twitter tools to hijack 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and ran a Bitcoin scam that netted over $100,000 in hours. The attack didn't rely on some exotic zero-day exploit. It relied on spoofing: making something fake

Carl B. Johnson Aug 08, 2021 7 min read
Phishing Attack

Phishing Attack Anatomy: How Breaches Actually Start

In May 2021, a single phishing attack against Colonial Pipeline's legacy VPN account triggered the largest fuel supply disruption in U.S. history. One compromised credential. No multi-factor authentication. Five days of chaos across the Eastern Seaboard. That's what a phishing attack looks like when it

Carl B. Johnson Jul 13, 2021 7 min read
Phishing News

Phishing News: The Attacks Dominating 2021 So Far

2021's Phishing Landscape Is Unlike Anything We've Seen Before In March, Microsoft reported that a massive phishing campaign had targeted over 10,000 organizations since January 2021, using sophisticated OAuth token theft to bypass multi-factor authentication. That single campaign should have been a wake-up call. Instead,

Carl B. Johnson Jul 13, 2021 7 min read
Phishing Scams

Phishing Scams: What's Actually Working in 2021

The FBI's Internet Crime Complaint Center reported $4.2 billion in losses from cybercrime in 2020 — and phishing scams were the number one reported attack type, with 241,342 complaints. That's not a typo. Nearly a quarter of a million people filed formal complaints about phishing

Carl B. Johnson Jul 13, 2021 7 min read
Is It Legit

Removed App: Is It Legit or a Security Risk?

When "Removed" Shows Up, Your Instincts Are Right to Question It Last month, I received three separate emails from readers asking the same question: they'd encountered an app, service, or website branded as "Removed" and wanted to know — removed is it legit? The fact

Carl B. Johnson Jul 13, 2021 7 min read