Tag

Phishing Attacks

In-depth coverage of phishing attacks, including spear phishing, whaling, vishing, and smishing campaigns. Posts analyze attack methods, explore recent phishing trends, and provide defensive strategies that help organizations reduce their exposure to credential theft and data breaches.

posts

Fake Mailer

Fake Mailer Attacks: How Threat Actors Spoof Emails

In January 2024, a finance director at a mid-sized logistics company wired $740,000 to a bank account in Hong Kong. The email requesting the transfer appeared to come from the CEO's exact email address — correct display name, correct domain, correct signature block. It wasn't the

Carl B. Johnson Jul 13, 2024 7 min read
Trojan Horse Malware

Trojan Horse Malware: How It Gets In and How to Stop It

In September 2022, Uber disclosed a breach that started with a single employee accepting a multi-factor authentication push notification they shouldn't have. The threat actor behind it — linked to the Lapsus$ group — had already compromised the employee's credentials. But the initial foothold? Social engineering and malware

Carl B. Johnson Jan 24, 2023 7 min read
Phishing Definition

Definition of a Phishing Attack: What It Really Looks Like

In March 2022, the hacking group Lapsus$ breached Okta by phishing a single contractor's credentials. That one successful social engineering attack gave threat actors access to systems used by thousands of companies worldwide. If you're searching for the definition of a phishing attack, that incident is

Carl B. Johnson Oct 24, 2022 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

A Single Email Cost Ubiquiti $46.7 Million In 2015, networking giant Ubiquiti Networks disclosed that employees had been tricked into wiring $46.7 million to overseas accounts controlled by attackers. The weapon wasn't malware or a zero-day exploit. It was email. If you've ever asked

Carl B. Johnson Sep 22, 2022 7 min read
Data Breach Examples

Data Breach Examples: Lessons That Still Apply in 2022

In January 2022, the International Committee of the Red Cross disclosed that a sophisticated cyberattack compromised the personal data of more than 515,000 vulnerable people — including refugees, detainees, and missing persons. The attackers exploited an unpatched vulnerability in a single system. One missed update. Half a million of the

Carl B. Johnson Feb 24, 2022 6 min read
Trojan Horse Malware

Trojan Horse Malware: What It Is and How to Stop It

In July 2021, the REvil ransomware gang exploited a vulnerability in Kaseya's VSA software and dropped a trojan payload onto the systems of roughly 1,500 businesses worldwide. The attack didn't arrive as an obvious virus. It masqueraded as a legitimate software update — the textbook definition

Carl B. Johnson Sep 03, 2021 7 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Breach Networks

The FakeEmail That Cost One Company $75 Million In 2020, the FBI's Internet Crime Complaint Center reported that business email compromise — attacks built on fakeemail techniques — generated over $1.8 billion in losses in a single year. That made it the costliest category of cybercrime, beating ransomware by

Carl B. Johnson Aug 15, 2021 7 min read
Phishing News

Phishing News: The Attacks Dominating 2021 So Far

2021's Phishing Landscape Is Unlike Anything We've Seen Before In March, Microsoft reported that a massive phishing campaign had targeted over 10,000 organizations since January 2021, using sophisticated OAuth token theft to bypass multi-factor authentication. That single campaign should have been a wake-up call. Instead,

Carl B. Johnson Jul 13, 2021 7 min read
Fake Mailer

Fake Mailer Attacks: How Threat Actors Spoof Emails

In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — often launched using a fake mailer or spoofing tool — cost American organizations over $1.8 billion in 2020 alone. That made it the most financially damaging cybercrime category in the entire IC3 report, dwarfing

Carl B. Johnson Jul 01, 2021 7 min read
Ransomware Examples

Ransomware Examples: What 2020-2021 Attacks Teach Us

The Ransomware Epidemic Is Already Here When someone searches for ransomware examples — whether they're typing "2026" or any other year — they're really asking one question: what does a real ransomware attack look like, and how do I stop it from happening to me? I&

Carl B. Johnson Mar 12, 2021 6 min read