Examines credential theft methods such as keylogging, brute force attacks, credential stuffing, and password spraying. Learn how attackers steal login information and what defensive measures organizations can deploy to safeguard user credentials.
posts
The Breach That Started With a Single Browser Extension In early 2024, a data breach at a mid-size healthcare firm started not with some sophisticated zero-day exploit, but with a Chrome extension an employee installed to manage their tabs. That extension harvested saved passwords, session cookies, and browser history. Within
In 2023, the FBI's IC3 received over 880,000 cybercrime complaints with losses exceeding $12.5 billion — and a growing share of those losses trace back to organized fraud rings, not lone hackers. Group online svindel — the coordinated, scalable online fraud committed by organized threat actor groups — is
The FBI Gmail Alert That Changed the Threat Landscape In late 2024, the FBI issued a stark public service announcement: sophisticated phishing campaigns were actively targeting Gmail's 1.8 billion users, and the attacks were so convincing that even security-savvy professionals were falling for them. By 2025, the
A Single Phish Email Took Down a $13 Billion Pipeline In May 2021, a single compromised password — likely harvested through a phish — shut down Colonial Pipeline and triggered fuel shortages across the U.S. East Coast. The company paid a $4.4 million ransom within hours. That's the
In May 2025, the FBI's Internet Crime Complaint Center reported that phishing was — for the ninth consecutive year — the most-reported cybercrime in the United States. Not ransomware. Not cryptojacking. Phishing. The simplest attack in the playbook continues to cause the most damage, and the phishing meaning most people
One Phishing Email Cost MGM Resorts $100 Million In September 2023, a single social engineering phone call — preceded by a carefully crafted phishing email reconnaissance campaign — led to the breach that shut down MGM Resorts' operations across Las Vegas. Slot machines went dark. Hotel room keys stopped working. The
In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25.6 million to criminals after a video call with what appeared to be the company's CFO. Every person on that call was a deepfake. That's where phishing lives now — far beyond
The FBI Gmail Alerts That Should Have Your Attention In early 2024, the FBI issued multiple warnings about sophisticated attacks targeting Gmail users — and the threat landscape has only intensified since. These aren't the clumsy Nigerian prince scams of a decade ago. Threat actors are now using AI-generated
In 2023, a finance employee at a multinational firm wired $25 million after a video call with someone they believed was their CFO. It wasn't. The entire call — every face, every voice — was a deepfake fabricated by threat actors who'd spent weeks building a detailed pretext.
In March 2022, threat actors used a simple phishing text message to breach Okta through a third-party contractor, Sitel. That single compromised credential gave attackers access to internal systems supporting thousands of Okta's customers. The attack didn't require sophisticated malware or a zero-day exploit. It required
