Tag

Email Security

Comprehensive guides on protecting email accounts and infrastructure from cyber threats. Covers email authentication protocols like SPF, DKIM, and DMARC, encryption best practices, spam filtering, and organizational policies that reduce the risk of email-based attacks.

posts

Phishing

Phishing Attacks in 2022: What Actually Works to Stop Them

The Typo That Costs Billions: Why "Phising" Leads You to the Right Problem Here's something I find fascinating: "phising" is one of the most common misspellings in cybersecurity search queries. Thousands of people type it every day looking for information about phishing — the attack

Carl B. Johnson Oct 18, 2022 7 min read
Phishing Scams

What Is a Phishing Scam? A Security Pro's Real Guide

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing was the number one cybercrime type in 2021 — with over 323,000 complaints filed by victims in a single year. That number dwarfed every other category. If you've ever asked what is a phishing

Carl B. Johnson Sep 22, 2022 8 min read
Phishing Awareness

How to Spot Phishing Emails: 9 Red Flags That Matter

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing schemes were the most common cybercrime in 2021, with over 323,000 victims — more than double the count from 2019. That number is climbing again in 2022. If you're searching for how to spot

Carl B. Johnson Sep 22, 2022 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

A Single Email Cost Ubiquiti $46.7 Million In 2015, networking giant Ubiquiti Networks disclosed that employees had been tricked into wiring $46.7 million to overseas accounts controlled by attackers. The weapon wasn't malware or a zero-day exploit. It was email. If you've ever asked

Carl B. Johnson Sep 22, 2022 7 min read
Fake Emails

Fake Emails: How to Spot Them Before They Cost You

The $2.4 Billion Problem Sitting in Your Inbox In 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — a category driven almost entirely by fake emails — accounted for nearly $2.4 billion in adjusted losses. That made it the single costliest cybercrime type reported.

Carl B. Johnson Sep 22, 2022 7 min read
Phishing Links

What Is a Phishing Link? Anatomy of a Click That Costs Millions

In March 2022, a single employee at Okta clicked a link in what appeared to be a routine IT notification. That one click gave the Lapsus$ threat actor group access to internal systems, ultimately affecting roughly 2.5% of Okta's customer base — hundreds of organizations. The attack didn&

Carl B. Johnson Sep 04, 2022 8 min read
Spoofing

What Is Spoofing? The Attack Behind 80% of Breaches

In March 2022, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — a scheme built almost entirely on spoofing — cost victims over $2.4 billion in 2021 alone. That made it the single most financially devastating category of cybercrime they tracked. Not ransomware. Not cryptojacking. Spoofing-based

Carl B. Johnson Sep 04, 2022 6 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How to Spot This Sneaky Scam

A Perfectly Forged Invoice That Almost Worked Last month, a controller at a mid-sized logistics company forwarded me an email she'd almost clicked. It looked like a DocuSign envelope notification for a PayPal invoice — complete with the yellow DocuSign button, a legitimate-looking PayPal logo, and a $3,200

Carl B. Johnson Sep 04, 2022 7 min read
Phishing Attack

Phishing Attack Anatomy: How Breaches Really Start

In March 2022, threat actor group Lapsus$ breached Okta by compromising a single support engineer's laptop — an attack chain that started with social engineering and credential theft. One employee. One set of stolen credentials. And suddenly, a company trusted by thousands of organizations to manage authentication was scrambling

Carl B. Johnson Sep 04, 2022 7 min read