Tag

Email Security

Comprehensive guides on protecting email accounts and infrastructure from cyber threats. Covers email authentication protocols like SPF, DKIM, and DMARC, encryption best practices, spam filtering, and organizational policies that reduce the risk of email-based attacks.

posts

FakeEmail

FakeEmail Attacks: How Spoofed Messages Bypass Filters

In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes fakeemail schemes — caused over $2.9 billion in adjusted losses across roughly 21,489 complaints. That made it the single most financially damaging cybercrime category in the IC3's annual

Carl B. Johnson Apr 24, 2026 6 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Your Team Must Know

In 2023, a single spear phishing email cost MGM Resorts an estimated $100 million in losses. The attacker didn't blast a million inboxes with a generic "Your account has been suspended" message. They researched an employee on LinkedIn, called the IT help desk impersonating that person,

Carl B. Johnson Apr 22, 2026 5 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Works

In late 2024, security researchers at Avanan documented a surge of phishing campaigns that weaponized legitimate DocuSign and PayPal infrastructure to deliver convincing credential theft attacks. The emails didn't come from spoofed domains. They came from the actual DocuSign and PayPal platforms — which is exactly why they sailed

Carl B. Johnson Apr 22, 2026 5 min read
Phishing Prevention

How to Avoid Phishing Attacks: A 2026 Survival Guide

Last March, a finance director at a mid-size logistics company wired $2.1 million to a threat actor who had spoofed the CEO's email address. The message looked perfect — right tone, right signature, right sense of urgency. The only thing wrong was the reply-to domain, off by a

Carl B. Johnson Apr 20, 2026 5 min read
Phish Tour

Phish Tour: A Guided Tour Through Modern Phishing

Welcome to the Phish Tour Nobody Asked For In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call. The threat actor convinced a help desk employee to reset credentials. Total estimated cost: over $100 million. That attack didn&

Carl B. Johnson Apr 17, 2026 5 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In 2023, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after receiving what appeared to be a legitimate video call and email chain from the company's CFO. It was all fake — the video was a deepfake, and the emails were

Carl B. Johnson Apr 17, 2026 5 min read
Phishing

What Is Phishing? The Attack Behind 80% of Breaches

In 2023, a single phishing email gave threat actors access to MGM Resorts' entire IT infrastructure. The attackers impersonated an employee on a help desk call — a technique they refined through information harvested from a phishing campaign. The result was over $100 million in losses and days of operational

Carl B. Johnson Apr 16, 2026 5 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported that phishing — including fake mail delivered via email, text, and voice — was the most reported cybercrime category for the fifth consecutive year, with over 298,000 complaints. And that only accounts for what gets reported. In my experience,

Carl B. Johnson Apr 12, 2026 5 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

A Single Email Cost This Company $100 Million In 2017, a Lithuanian man tricked Google and Facebook employees into wiring over $100 million to bank accounts he controlled. His weapon wasn't malware. It wasn't a zero-day exploit. It was email. He sent invoices that looked like

Carl B. Johnson Apr 05, 2026 5 min read