Tag

Email Security

Comprehensive guides on protecting email accounts and infrastructure from cyber threats. Covers email authentication protocols like SPF, DKIM, and DMARC, encryption best practices, spam filtering, and organizational policies that reduce the risk of email-based attacks.

posts

Phishing News

Phishing News: The Attacks Dominating 2022 So Far

In August 2022, Twilio disclosed that a sophisticated phishing campaign had compromised employee credentials and exposed data tied to over 130 organizations — including the encrypted messaging giant Signal. A month earlier, a massive phishing operation dubbed "0ktapus" by researchers at Group-IB had already hit over 130 companies. If

Carl B. Johnson Sep 04, 2022 6 min read
Phishing Scams

Phishing Scams: What Actually Works to Stop Them

In March 2022, the threat actor group Lapsus$ breached Okta, Microsoft, and Samsung — not through some sophisticated zero-day exploit, but through phishing scams and social engineering that tricked employees into handing over credentials. A group reportedly led by teenagers compromised some of the largest technology companies on the planet. If

Carl B. Johnson Sep 04, 2022 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Big Breaches

In March 2022, the FBI warned that business email compromise — a category dominated by spear phishing — cost victims over $2.4 billion in 2021 alone, making it the most financially damaging cybercrime category in the FBI IC3 Annual Report. That number dwarfs ransomware losses. So what is spear phishing, exactly,

Carl B. Johnson Aug 23, 2022 8 min read
Phishing

Define Phishing: What It Really Looks Like in 2022

In March 2022, threat actors used a single phishing email to breach Okta through a third-party contractor — potentially impacting hundreds of enterprise customers downstream. The attack didn't exploit some exotic zero-day. It exploited a human being who clicked a link. If you're here to define phishing,

Carl B. Johnson Aug 23, 2022 6 min read
Phishing Email

How to Recognize a Phishing Email Before You Click

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing schemes were the most complained-about cybercrime in 2021, with over 323,000 victims — more than double the number from just two years prior. That stat doesn't surprise me. What surprises me is how many

Carl B. Johnson May 25, 2022 7 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Breaches That Cost Millions

In March 2022, Okta confirmed that the Lapsus$ threat actor group had compromised a support engineer's account — and the initial access vector was social engineering. One employee, one credential, and suddenly a company trusted by thousands of organizations was in the headlines. If you think phishing only targets

Carl B. Johnson May 25, 2022 7 min read
Phishing

What Is Phishing? A Security Pro's Field Guide

In March 2022, Okta confirmed that the Lapsus$ threat actor group had compromised a support engineer's laptop — and the initial access vector was social engineering. A single employee interaction opened the door to a breach that rattled hundreds of downstream customers. If you're asking what is

Carl B. Johnson May 25, 2022 7 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets People

In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — a form of spear phishing — caused $2.4 billion in adjusted losses in 2021 alone. That dwarfs every other cybercrime category. Meanwhile, broad phishing campaigns still top the list as the most common attack

Carl B. Johnson May 25, 2022 7 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Attacks

The Phishing Email That Cost Ubiquiti $46.7 Million In 2015, networking giant Ubiquiti Networks disclosed that attackers used carefully crafted phishing emails to trick finance department employees into wiring $46.7 million to overseas accounts controlled by threat actors. The emails impersonated executives. They looked legitimate. And trained professionals

Carl B. Johnson May 25, 2022 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A Practical Guide

In March 2022, the threat actor group Lapsus$ breached Okta by compromising a single employee's credentials through a social engineering attack. One phished account. That's all it took to put thousands of downstream customers at risk. If you're wondering how to avoid phishing attacks,

Carl B. Johnson May 25, 2022 8 min read