Comprehensive guides on protecting email accounts and infrastructure from cyber threats. Covers email authentication protocols like SPF, DKIM, and DMARC, encryption best practices, spam filtering, and organizational policies that reduce the risk of email-based attacks.
posts
A Legitimate Invoice From PayPal — That's Also a Scam In late 2024, security researchers at Avanan documented a campaign where threat actors sent real PayPal invoices to victims — not spoofed emails, not lookalike domains, but actual invoices generated through PayPal's own platform. The emails passed every
A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that threat actors used carefully crafted emails impersonating company executives to trick finance employees into wiring $46.7 million to overseas accounts. The attackers didn't exploit a software vulnerability. They exploited people — with spear phishing.
The Email That Cost One Company $100 Million In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a form of spear phishing — accounted for over $2.9 billion in adjusted losses. That wasn't a typo. Billions. And those are just the cases
In late 2024, the FBI issued a stark warning: AI-driven phishing attacks targeting Gmail users had reached a level of sophistication that made them nearly indistinguishable from legitimate communications. We're not talking about the laughably bad "Nigerian prince" emails anymore. These are pixel-perfect replicas of Google
A Single Fake Email Cost Facebook and Google $100 Million Between 2013 and 2015, a Lithuanian man named Evaldas Rimasauskas sent a series of fake email messages to employees at Facebook and Google. He impersonated a legitimate hardware vendor, attached fraudulent invoices, and directed payments to bank accounts he controlled.
In January 2024, a finance employee at a multinational engineering firm in Hong Kong wired $25 million to threat actors after a video call with what appeared to be the company's CFO. The call was a deepfake. But the attack started weeks earlier — with a single spear phishing
That Google Alert in Your Inbox Might Be Real — Or It Might Be the Attack Itself Last year, a finance director at a mid-size logistics company got a Gmail account access warning that looked completely legitimate. It warned of a sign-in from an unrecognized device in another country. She clicked
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. And those are just the ones people actually reported. If you're asking what is phishing, you're asking the
The $4.88 Million Problem Sitting in Your Inbox Right Now In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — essentially sophisticated fake mail — cost victims over $2.9 billion in a single year. That wasn't a spike. It was a trend.
Welcome to the Phish Tour: How a Single Email Becomes a Full-Blown Breach In March 2023, the FBI's IC3 received over 298,000 complaints related to phishing schemes — more than any other cybercrime category by a wide margin. That number has only climbed since. Yet most people still
