Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Spear Phishing

Spear Phishing: Why Targeted Attacks Beat Your Defenses

In July 2020, a teenager from Florida used spear phishing to compromise the internal tools at Twitter, hijacking 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — to run a Bitcoin scam. The attack didn't exploit some exotic zero-day vulnerability. It started with targeted messages

Carl B. Johnson Aug 24, 2021 7 min read
AI Phishing Attacks

FBI Warns Gmail Users: AI-Driven Phishing Attacks Rise

Earlier this year, the FBI's Internet Crime Complaint Center (IC3) reported that phishing schemes were the most reported cybercrime in 2020, with 241,342 complaints and adjusted losses exceeding $54 million. Now the threat is evolving fast. The FBI warns Gmail users of sophisticated AI-driven phishing attacks that

Carl B. Johnson Aug 24, 2021 7 min read
Vishing

FBI Warning on Vishing and Smishing: What to Do Now

In January 2020, the FBI and CISA issued a joint advisory warning organizations about a wave of vishing attacks targeting remote workers. By mid-2021, the problem has only gotten worse. The FBI's Internet Crime Complaint Center (IC3) reported over 240,000 phishing, vishing, and smishing complaints in 2020

Carl B. Johnson Aug 18, 2021 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

In January 2021, a wave of PayPal phishing attacks hit inboxes so convincingly that even security-savvy professionals did a double take. The emails replicated PayPal's branding pixel-for-pixel, warned of "unusual activity" on the recipient's account, and linked to a login page hosted on a

Carl B. Johnson Aug 15, 2021 7 min read
Phishing Links

What Is a Phishing Link? How Attackers Steal Data

In July 2021, a single phishing link sent to an employee at a Florida IT management company led to the Kaseya ransomware attack — one of the largest supply chain compromises in history. Over 1,500 businesses were affected downstream. That's the reality of what a phishing link can

Carl B. Johnson Aug 08, 2021 7 min read
AI Phishing Attacks

Gmail Users Warned About Sophisticated AI-Driven Phishing

Last month, a finance director at a mid-sized logistics company received a Gmail message that looked exactly like a Google Workspace security alert. The branding was pixel-perfect. The language was flawless. The sender address passed a casual glance test. She clicked, entered her credentials, and within 90 minutes a threat

Carl B. Johnson Jul 29, 2021 7 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

A $12 Billion Problem You Can't Ignore In June 2021, Europol dismantled a massive fraud network spanning dozens of countries. The ring had siphoned millions from victims through coordinated romance scams, investment fraud, and business email compromise. This wasn't a lone hacker in a basement. It

Carl B. Johnson Jul 29, 2021 7 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How to Spot This Attack

Last month, a finance manager at a mid-sized logistics company received what looked like a routine DocuSign envelope — a payment authorization supposedly routed through PayPal. She clicked, entered her PayPal credentials on a pixel-perfect fake login page, and within 90 minutes, the attacker had initiated $38,000 in wire transfers.

Carl B. Johnson Jul 29, 2021 7 min read
Is It Legit

Removed App: Is It Legit or a Security Risk?

When "Removed" Shows Up, Your Instincts Are Right to Question It Last month, I received three separate emails from readers asking the same question: they'd encountered an app, service, or website branded as "Removed" and wanted to know — removed is it legit? The fact

Carl B. Johnson Jul 13, 2021 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In December 2020, the world learned that SolarWinds — a company whose software sat inside thousands of government and corporate networks — had been compromised by a sophisticated nation-state threat actor. The initial intrusion vector? Targeted, carefully crafted communications designed to exploit trust. If you're asking what is spear phishing,

Carl B. Johnson Jul 01, 2021 8 min read