Examines credential theft methods such as keylogging, brute force attacks, credential stuffing, and password spraying. Learn how attackers steal login information and what defensive measures organizations can deploy to safeguard user credentials.
posts
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints about phishing — making it the most reported cybercrime in the United States for the fifth consecutive year. Yet when I ask employees during security assessments to explain what phishing actually is, most give me a
One Click Cost This Company $100 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phone call and a phishing email. Threat actors from the Scattered Spider group used social engineering to gain access, eventually deploying ransomware that disrupted operations
A Single Text Message Cost One Company $15 Million In 2022, Twilio disclosed that attackers used SMS phishing — smishing — to trick employees into surrendering their credentials. The threat actors sent text messages impersonating the company's IT department, directing staff to a fake login page. That single campaign compromised
A Single Email Cost This Company $100 Million In 2019, Toyota Boshoku Corporation wired $37 million to a threat actor who impersonated a business partner via email. Facebook and Google collectively lost over $100 million to a Lithuanian man who sent fake invoices over two years. These weren't
A Single Click That Cost $100 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phishing attack that started with a phone call to an IT help desk. Threat actors from the Scattered Spider group used social engineering to impersonate
The FBI Gmail Alert That Should Have Your Full Attention In 2023, the FBI's Internet Crime Complaint Center (IC3) received over 298,000 phishing complaints — and Gmail accounts were among the most targeted. The FBI has repeatedly issued warnings about sophisticated phishing campaigns targeting Gmail users, including AI-generated
