Tag

Email Security

Comprehensive guides on protecting email accounts and infrastructure from cyber threats. Covers email authentication protocols like SPF, DKIM, and DMARC, encryption best practices, spam filtering, and organizational policies that reduce the risk of email-based attacks.

posts

Spoofing

What Is Spoofing? The Attack Behind Most Breaches

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attackers had spoofed not just an email address or

Carl B. Johnson Aug 19, 2024 8 min read
AI Phishing Attacks

Gmail Users Warned About Sophisticated AI-Driven Phishing

In May 2024, a Google security consultant named Sam Mitrovic nearly fell for a phishing call that used a convincing AI-generated voice impersonating Google support. The caller had a legitimate-looking Google phone number, referenced real account activity, and spoke with the polished fluency of a native English speaker. The only

Carl B. Johnson Aug 19, 2024 8 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Works

Earlier this year, security researchers documented a surge in phishing campaigns that abuse legitimate DocuSign and PayPal infrastructure to deliver convincing attack emails. The twist? These messages aren't spoofed — they're actually sent through real PayPal and DocuSign servers. That's why PayPal DocuSign phishing attacks

Carl B. Johnson Aug 01, 2024 7 min read
Phishing Attack

Phishing Attack Anatomy: How Breaches Actually Start

In January 2024, a single phishing attack against Framework Computer exposed customer names, emails, and outstanding balances — all because one employee at an external accounting partner clicked a link in a convincing impersonation email. The attacker didn't hack a firewall. They didn't exploit a zero-day vulnerability.

Carl B. Johnson Jul 23, 2024 8 min read
Phishing News

Phishing News 2024: Attacks That Should Scare You

The Phishing Headlines Keep Getting Worse In January 2024, a finance worker at engineering firm Arup wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. That single incident captures everything terrifying about the current phishing news cycle: attacks are smarter, faster,

Carl B. Johnson Jul 23, 2024 6 min read
Phishing Scams

Phishing Scams: What Actually Works to Stop Them

In January 2024, a finance worker at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started with what every phishing scam starts

Carl B. Johnson Jul 23, 2024 8 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider social-engineered a help desk employee with a single phone call. The attackers had done their homework — they knew the employee's name, role, and enough personal detail to sound legitimate. That's not

Carl B. Johnson Jul 23, 2024 8 min read
Phishing

Define Phishing: What It Really Looks Like in 2024

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25.6 million to criminals after attending a deepfake video call where every other "participant" — including the CFO — was an AI-generated impersonation. That single incident redefines what phishing looks like today. If you still

Carl B. Johnson Jul 16, 2024 7 min read
Fake Mailer

Fake Mailer Attacks: How Threat Actors Spoof Emails

In January 2024, a finance director at a mid-sized logistics company wired $740,000 to a bank account in Hong Kong. The email requesting the transfer appeared to come from the CEO's exact email address — correct display name, correct domain, correct signature block. It wasn't the

Carl B. Johnson Jul 13, 2024 7 min read
Phishing Psychology

How Phishing Emails Work: The Psychology Behind the Click

A Single Click Cost One Company $100 Million In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing but phishing emails. No zero-day exploits. No advanced malware. Just carefully crafted messages that exploited human psychology. If you want to

Carl B. Johnson May 03, 2024 8 min read