Tag

Phishing Prevention

Delivers actionable advice on recognizing and preventing phishing attacks, including email phishing, spear phishing, smishing, and vishing. Covers detection techniques, employee training approaches, email security tools, and real-world phishing examples to strengthen your defenses.

posts

DNS Spoofing Attack

DNS Spoofing Attack: How It Works and How to Stop It

In April 2024, security researchers at Akamai reported a massive DNS hijacking campaign targeting over 600 domains, redirecting users to credential harvesting pages that looked identical to legitimate banking and email portals. Victims had no idea they were on a fake site. Their browsers showed no warnings. The URLs looked

Carl B. Johnson Dec 19, 2024 8 min read
Cross-Site Scripting

Cross-Site Scripting Explained: A Practical Guide

In September 2024, a security researcher discovered a stored cross-site scripting vulnerability in a major email platform that allowed attackers to execute arbitrary JavaScript the moment a victim opened a crafted message. No clicks required beyond reading the email. The vulnerability sat unpatched for weeks. If you think XSS is

Carl B. Johnson Dec 10, 2024 8 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

In January 2024, a finance employee at a multinational engineering firm in Hong Kong wired $25.6 million to threat actors after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started with

Carl B. Johnson Dec 10, 2024 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2024

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a video call with what appeared to be the company's CFO. It was a deepfake. The attack started with a single phishing email. If your phishing definition still

Carl B. Johnson Oct 17, 2024 7 min read
Phishing Emails

How to Spot Phishing Emails: A Practical Guide

The Email That Cost One Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated cousin of phishing — accounted for over $2.9 billion in adjusted losses in 2023 alone. That's not a typo. And those are just

Carl B. Johnson Sep 11, 2024 8 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Breach Networks

That Email From Your CEO? It Was a FakeEmail. In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million after attending a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a

Carl B. Johnson Aug 19, 2024 7 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

In January 2024, a single employee at a mid-sized accounting firm double-clicked a file named Invoice_Final_v2.exe. Within 40 minutes, the LockBit ransomware variant had encrypted 14,000 files across three networked drives. The ransom demand was $2.2 million. The firm's antivirus was installed. It

Carl B. Johnson Jul 13, 2024 6 min read
Cyber Security

Cyber Security in 2024: What Actually Works Now

The $4.88 Million Wake-Up Call You Can't Afford to Ignore IBM's 2024 Cost of a Data Breach Report pegs the global average cost of a breach at $4.88 million — the highest figure ever recorded. That's not a typo. And it's

Carl B. Johnson Jul 13, 2024 8 min read
Security of Cyberspace

Security of Cyberspace: What Actually Works in 2024

A $12.5 Billion Problem Nobody Can Ignore The FBI's Internet Crime Complaint Center reported $12.5 billion in losses from cybercrime in 2023 — a 22% increase from the prior year. That number represents real money stolen from real organizations, many of whom believed they had adequate defenses.

Carl B. Johnson Jul 10, 2024 7 min read