Tag

Spear Phishing

Dive into the world of spear phishing — highly targeted email attacks that impersonate trusted contacts to steal credentials or deploy malware. These articles break down real attack examples, explain how attackers research victims, and offer concrete defense techniques.

posts

Whaling Attacks

Whaling Attack Cybersecurity: How Execs Get Targeted

A Single Email Cost This Company $47 Million In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after attackers impersonated the CEO via email and convinced a finance employee to transfer funds for a fake acquisition. The CEO and CFO were both fired. The company's

Carl B. Johnson Sep 21, 2025 8 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Beat Your Defenses

In January 2024, a finance employee at British engineering firm Arup joined a video call with what appeared to be the company's chief financial officer and several colleagues. Every face on the screen was a deepfake. The attackers had spent weeks researching the company's org chart,

Carl B. Johnson Sep 18, 2024 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider social-engineered a help desk employee with a single phone call. The attackers had done their homework — they knew the employee's name, role, and enough personal detail to sound legitimate. That's not

Carl B. Johnson Jul 23, 2024 8 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In January 2023, Reddit disclosed that an attacker had used a carefully crafted phishing email — targeting a specific employee with internal details about the company — to steal credentials and access internal systems. It wasn't a mass-blast scam. It was a precision strike. That's spear phishing in

Carl B. Johnson May 02, 2024 7 min read
Whaling Attack

Whaling Attack Cybersecurity: How Execs Get Targeted

The $47 Million Email That Fooled a Fortune 500 CFO In 2016, an Austrian aerospace company called FACC lost €42 million (roughly $47 million USD) because a threat actor impersonated the CEO in an email to the finance department. The message requested an urgent wire transfer for a fake acquisition

Carl B. Johnson Apr 08, 2024 7 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Bypass Your Defenses

In March 2022, the threat actor group Lapsus$ breached Okta by spear phishing a single support engineer at a third-party contractor. That one compromised account gave the attackers a foothold that ultimately affected roughly 366 Okta customers. Not a mass email blast. Not a Nigerian prince scam. One carefully researched,

Carl B. Johnson Oct 24, 2022 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Big Breaches

In March 2022, the FBI warned that business email compromise — a category dominated by spear phishing — cost victims over $2.4 billion in 2021 alone, making it the most financially damaging cybercrime category in the FBI IC3 Annual Report. That number dwarfs ransomware losses. So what is spear phishing, exactly,

Carl B. Johnson Aug 23, 2022 8 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — a direct descendant of spear phishing — cost organizations over $2.4 billion in 2021 alone. That number dwarfs ransomware losses. Yet most people I talk to still think phishing means a badly written email

Carl B. Johnson Apr 22, 2022 6 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Beat Your Defenses

In July 2020, a teenager from Florida used spear phishing to compromise the internal tools at Twitter, hijacking 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — to run a Bitcoin scam. The attack didn't exploit some exotic zero-day vulnerability. It started with targeted messages

Carl B. Johnson Aug 24, 2021 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In December 2020, the world learned that SolarWinds — a company whose software sat inside thousands of government and corporate networks — had been compromised by a sophisticated nation-state threat actor. The initial intrusion vector? Targeted, carefully crafted communications designed to exploit trust. If you're asking what is spear phishing,

Carl B. Johnson Jul 01, 2021 8 min read