Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Gmail Phishing Attacks

Gmail Sophisticated Attacks: FBI Phishing Warnings for 2022

The FBI Is Warning Gmail Users — And Most People Aren't Listening In March 2022, the FBI's Internet Crime Complaint Center (IC3) released its annual report showing that phishing — including attacks targeting Gmail users specifically — generated more victim complaints than any other cybercrime category. Over 300,000

Carl B. Johnson Oct 24, 2022 7 min read
Vishing

FBI Warning on Vishing and Smishing: What to Do Now

The FBI Warning on Vishing and Smishing You Can't Afford to Ignore In January 2022, the FBI released an advisory warning that criminals were increasingly using voice phishing (vishing) and SMS phishing (smishing) to steal credentials, drain bank accounts, and breach corporate networks. This wasn't a

Carl B. Johnson Oct 18, 2022 7 min read
Phishing Awareness

How to Spot Phishing Emails: 9 Red Flags That Matter

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing schemes were the most common cybercrime in 2021, with over 323,000 victims — more than double the count from 2019. That number is climbing again in 2022. If you're searching for how to spot

Carl B. Johnson Sep 22, 2022 7 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Breach Networks

The FakeEmail Problem Is Bigger Than You Think In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that covers most fakeemail schemes — accounted for $2.4 billion in adjusted losses in 2021 alone. That made it the single most financially damaging

Carl B. Johnson Sep 22, 2022 7 min read
Phishing Links

What Is a Phishing Link? Anatomy of a Click That Costs Millions

In March 2022, a single employee at Okta clicked a link in what appeared to be a routine IT notification. That one click gave the Lapsus$ threat actor group access to internal systems, ultimately affecting roughly 2.5% of Okta's customer base — hundreds of organizations. The attack didn&

Carl B. Johnson Sep 04, 2022 8 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

A Single Phishing Email Led to a $100 Million Heist Between 2013 and 2015, a Lithuanian man orchestrated one of the most audacious cases of group online svindel ever documented. Evaldas Rimasauskas and his associates impersonated a legitimate Asian hardware manufacturer and tricked both Google and Facebook into wiring over

Carl B. Johnson Sep 04, 2022 7 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How to Spot This Sneaky Scam

A Perfectly Forged Invoice That Almost Worked Last month, a controller at a mid-sized logistics company forwarded me an email she'd almost clicked. It looked like a DocuSign envelope notification for a PayPal invoice — complete with the yellow DocuSign button, a legitimate-looking PayPal logo, and a $3,200

Carl B. Johnson Sep 04, 2022 7 min read
Is It Legit

Removed App: Is It Legit or a Security Risk?

Every week, I get emails from readers asking the same type of question: "I found this app called Removed — is it legit?" Sometimes it's Removed, sometimes it's another obscure app that popped up in a search result, an ad, or a text message from

Carl B. Johnson Aug 23, 2022 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Big Breaches

In March 2022, the FBI warned that business email compromise — a category dominated by spear phishing — cost victims over $2.4 billion in 2021 alone, making it the most financially damaging cybercrime category in the FBI IC3 Annual Report. That number dwarfs ransomware losses. So what is spear phishing, exactly,

Carl B. Johnson Aug 23, 2022 8 min read