Tag

Email Security

Comprehensive guides on protecting email accounts and infrastructure from cyber threats. Covers email authentication protocols like SPF, DKIM, and DMARC, encryption best practices, spam filtering, and organizational policies that reduce the risk of email-based attacks.

posts

Business Email Compromise

Business Email Compromise: The $2.4 Billion Threat

In 2021, the FBI's Internet Crime Complaint Center received 19,954 business email compromise complaints with adjusted losses of nearly $2.4 billion. That made BEC the single most financially damaging cybercrime category — beating ransomware by a factor of almost 49 to 1. And those are just the

Carl B. Johnson May 01, 2022 6 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — a direct descendant of spear phishing — cost organizations over $2.4 billion in 2021 alone. That number dwarfs ransomware losses. Yet most people I talk to still think phishing means a badly written email

Carl B. Johnson Apr 22, 2022 6 min read
CEO Fraud Email Scam

CEO Fraud Email Scam: How to Stop It Cold

In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes every CEO fraud email scam — generated $1.8 billion in reported losses in 2020 alone. That made it the single most financially damaging cybercrime category in the entire IC3 report,

Carl B. Johnson Oct 01, 2021 7 min read
Phishing Awareness

How to Spot a Phishing Email Before It Costs You

In July 2021, a single phishing email gave attackers access to an employee's credentials at a Florida managed service provider, which cascaded into the massive Kaseya VSA ransomware attack affecting up to 1,500 businesses worldwide. One click. One employee who didn't know how to spot

Carl B. Johnson Aug 31, 2021 8 min read
Phishing

What Is Phishing? The Attack Behind 36% of Breaches

In March 2021, a massive phishing campaign impersonating Microsoft Office 365 hit over 10,000 mailboxes across the financial services sector in a single week. The emails were nearly flawless — correct logos, legitimate-looking sender domains, and urgent language about password expiration. Dozens of employees handed over their credentials before anyone

Carl B. Johnson Aug 31, 2021 7 min read
Fake Email

Fake Email: How to Spot, Stop, and Survive One

A Single Fake Email Cost Facebook and Google $120 Million Between 2013 and 2015, a Lithuanian man named Evaldas Rimasauskas sent a series of fake email messages to employees at Facebook and Google. He impersonated a legitimate hardware vendor, complete with forged invoices and contracts. By the time both companies

Carl B. Johnson Aug 31, 2021 7 min read
Phishing

Phishing: Why 36% of Breaches Start in Your Inbox

The Inbox Is the Front Door — And It's Wide Open According to the 2021 Verizon Data Breach Investigations Report, phishing is involved in 36% of all confirmed data breaches. That number jumped 11 percentage points from the year before. Let that sink in — more than a third of

Carl B. Johnson Aug 31, 2021 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2021

In March 2021, a single phishing email led to a credential theft incident at a European banking authority that exposed personal data from thousands of email accounts. The attack wasn't sophisticated. It didn't exploit some exotic zero-day vulnerability. It started with a convincing email and a

Carl B. Johnson Aug 25, 2021 7 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Beat Your Defenses

In July 2020, a teenager from Florida used spear phishing to compromise the internal tools at Twitter, hijacking 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — to run a Bitcoin scam. The attack didn't exploit some exotic zero-day vulnerability. It started with targeted messages

Carl B. Johnson Aug 24, 2021 7 min read