Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

AI Phishing Attacks

FBI Warns Gmail Users of AI-Driven Phishing Attacks

The FBI Warns Gmail Users of Sophisticated AI-Driven Phishing Attacks — And Most People Aren't Ready In late 2024, the FBI issued a stark public service announcement: threat actors are using generative AI to craft phishing emails so convincing that even seasoned IT professionals struggle to spot them. The

Carl B. Johnson Jun 12, 2019 7 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of fake mail — caused adjusted losses exceeding $2.9 billion. That single category of email fraud outpaced every other cybercrime type in financial damage. And those are just the cases that got

Carl B. Johnson Jun 12, 2019 7 min read
Vishing

FBI Warning on Vishing and Smishing: What to Do Now

The FBI Warning on Vishing and Smishing You Can't Afford to Ignore In early 2024, the FBI's Internet Crime Complaint Center (IC3) flagged a sharp escalation in vishing and smishing campaigns targeting businesses and individuals across the United States. The 2023 IC3 Annual Report documented over

Carl B. Johnson Jun 12, 2019 7 min read
Phish Food

Phish Food: What Threat Actors Serve Your Employees

Your Inbox Is a Buffet — and Attackers Are Feeding In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call to their help desk. The cost? Over $100 million in losses. The attacker didn't exploit a zero-day

Carl B. Johnson Apr 05, 2019 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

A Single PayPal Email Cost One Business Owner $68,000 I got the call on a Tuesday morning. A small business owner in Ohio had received what looked like a routine PayPal dispute notification. She clicked the link, entered her credentials, and within four hours, a threat actor had drained

Carl B. Johnson Apr 05, 2019 8 min read
Spoofing Caller

Spoofing Caller Attacks: How to Detect and Stop Them

The Phone Call That Cost One Company $23.5 Million In 2024, a finance executive at a multinational firm in Hong Kong joined a video call with what appeared to be the company's CFO and several colleagues. Every face on screen was a deepfake. The voice on the

Carl B. Johnson Apr 01, 2019 7 min read
Phishing Links

What Is a Phishing Link? How to Spot and Stop Them

Last year, a finance director at a mid-sized logistics company clicked a link in what looked like a DocuSign notification. Fourteen seconds later, a threat actor had her Microsoft 365 credentials. Within two hours, the attacker had redirected a $380,000 wire transfer to an overseas account. The link she

Carl B. Johnson Apr 01, 2019 7 min read
Is It Legit

Removed App: Is It Legit or a Security Risk?

When "Removed" Shows Up and You Don't Know Why Last month, a colleague forwarded me a screenshot from their phone. An app called "Removed" appeared in their app list, and they had no memory of installing it. Their first instinct was to Google "

Carl B. Johnson Mar 20, 2019 6 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that threat actors used spear phishing emails to impersonate executives and trick finance staff into wiring $46.7 million to overseas accounts. They eventually recovered some funds, but the damage was done. That wasn't a

Carl B. Johnson Mar 20, 2019 8 min read