Tag

Email Security

Comprehensive guides on protecting email accounts and infrastructure from cyber threats. Covers email authentication protocols like SPF, DKIM, and DMARC, encryption best practices, spam filtering, and organizational policies that reduce the risk of email-based attacks.

posts

Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets People

A $37 Million Wire Transfer Started with One Email In 2024, a finance employee at a multinational firm joined what appeared to be a legitimate video call with the company's CFO. It was a deepfake. The attackers had spent weeks gathering intelligence — org charts, communication styles, ongoing projects

Carl B. Johnson Sep 22, 2025 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A 2025 Survival Guide

In May 2025, the FBI's Internet Crime Complaint Center reported that phishing and its variants remained the number-one reported cybercrime for the fifth consecutive year, with losses tied to business email compromise alone exceeding $2.9 billion annually in recent reports. I've spent over two decades

Carl B. Johnson Sep 22, 2025 7 min read
Business Email Compromise

Business Email Compromise: The $2.9B Threat in 2025

In December 2024, a finance employee at a multinational firm in Hong Kong wired $25 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The real CFO had never scheduled the meeting. This

Carl B. Johnson Sep 22, 2025 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider socially engineered its way past the help desk with a single phone call. But the reconnaissance that made that call possible? It started with spear phishing — targeted research, crafted messaging, and a specific human

Carl B. Johnson Sep 22, 2025 7 min read
CEO Fraud

CEO Fraud Email Scam: How Attackers Steal Millions

A Single Email Cost This Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — the category that includes every CEO fraud email scam — generated adjusted losses exceeding $2.9 billion in a single year. That number has held steady as one

Carl B. Johnson Mar 05, 2025 7 min read
Phishing Awareness

How to Spot a Phishing Email Before It Costs You

In January 2024, a finance employee at a multinational firm in Hong Kong joined what appeared to be a routine video call with the company's CFO. Everything looked normal — the CFO's face, voice, and mannerisms were all spot-on. The employee followed instructions and wired $25 million

Carl B. Johnson Dec 10, 2024 7 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

In January 2024, a finance employee at a multinational engineering firm in Hong Kong wired $25.6 million to threat actors after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started with

Carl B. Johnson Dec 10, 2024 7 min read
Phish

Phish: Why One Click Still Causes Million-Dollar Breaches

In January 2024, a finance employee at engineering firm Arup received an email inviting them to a video call with the company's CFO. Everything looked legitimate — the email, the meeting link, even the faces on the screen. It was all a deepfake-powered phish. That single interaction cost Arup

Carl B. Johnson Nov 07, 2024 7 min read
Fake Email

Fake Email: How to Spot, Stop, and Survive One

In January 2024, a finance worker at British engineering firm Arup was tricked into wiring $25 million to criminals after a video call — a call that started with a single fake email. The message looked like it came from the company's CFO. Everything about it — the sender name,

Carl B. Johnson Oct 17, 2024 8 min read