Tag

Email Security

Comprehensive guides on protecting email accounts and infrastructure from cyber threats. Covers email authentication protocols like SPF, DKIM, and DMARC, encryption best practices, spam filtering, and organizational policies that reduce the risk of email-based attacks.

posts

Fake Mail

Fake Mail: How to Spot It Before It Costs You

In May 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of fake mail — accounted for over $2.9 billion in adjusted losses in 2023 alone. That number has only grown. I've personally worked cases where a single convincing email

Carl B. Johnson Dec 27, 2025 7 min read
Phishing Scams

What Is a Phishing Scam? A Real-World Guide for 2025

In January 2024, a finance employee at British engineering firm Arup transferred $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues — all of them deepfake recreations. The attack started the way most do: with a phishing

Carl B. Johnson Dec 27, 2025 7 min read
Phishing Awareness

How to Spot Phishing Emails: 9 Red Flags to Catch Now

The Email That Cost MGM Resorts $100 Million In September 2023, a single social engineering attack — starting with a phone call but rooted in the same deception principles as phishing emails — led to a breach at MGM Resorts that cost the company over $100 million. The threat actors behind the

Carl B. Johnson Dec 13, 2025 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started the same way nearly all of

Carl B. Johnson Dec 13, 2025 8 min read
Fake Emails

Fake Emails: How to Spot Them Before They Cost You

In May 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a category built almost entirely on fake emails — accounted for over $2.9 billion in adjusted losses in a single year. That figure dwarfed ransomware losses by a factor of nearly 50. And those

Carl B. Johnson Dec 13, 2025 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

The Fake Invoice That Drained $1.4 Million In early 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes PayPal phishing attacks — generated over $2.9 billion in adjusted losses in 2023 alone. That number hasn't slowed down. One

Carl B. Johnson Dec 13, 2025 7 min read
Phishing Links

What Is a Phishing Link? How to Spot and Stop Them

In March 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after joining a video call that appeared to feature the company's CFO. The deepfake was convincing, but the attack started with something far simpler — a phishing link embedded

Carl B. Johnson Dec 09, 2025 7 min read
Spoofing

What Is Spoofing? The Attack Behind 90% of Breaches

In March 2025, the FBI's Internet Crime Complaint Center reported that spoofing-related fraud accounted for billions in losses across American businesses and individuals. Every major data breach investigation I've worked on in the past five years started the same way — someone trusted something that wasn'

Carl B. Johnson Dec 09, 2025 7 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Bypasses Filters

A Legitimate DocuSign Email That Steals Your PayPal Credentials In November 2024, Avanan researchers documented a wave of attacks where threat actors sent phishing emails through DocuSign's actual platform — not spoofed emails, but real DocuSign notifications. The documents inside impersonated PayPal invoices requesting payment authorization for hundreds or

Carl B. Johnson Dec 05, 2025 7 min read