Tag

Credential Theft Prevention

Addresses the tactics attackers use to steal login credentials and the countermeasures organizations can deploy. Topics include multi-factor authentication, credential monitoring, dark web surveillance, secure authentication protocols, and employee awareness training.

posts

Strong Password Examples

Strong Password Examples That Actually Stop Hackers

In 2023, a single reused password gave threat actors access to 23andMe's credential stuffing attack, ultimately exposing the genetic data of 6.9 million users. The attackers didn't exploit a zero-day vulnerability. They didn't deploy sophisticated malware. They simply tried known username-password combinations from

Carl B. Johnson May 20, 2026 5 min read
Insider Threat Awareness

Insider Threat Awareness: What Most Companies Miss

The Threat Already Inside Your Network In 2023, Tesla disclosed that two former employees had leaked the personal data of more than 75,000 workers to a German news outlet. It wasn't a sophisticated hack. It wasn't a nation-state threat actor. It was people who already

Carl B. Johnson May 17, 2026 5 min read
Fake Email

Fake Email: How to Spot One Before It Costs You

In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than a series of fake email messages. He impersonated a legitimate hardware vendor, sent invoices from a lookalike domain, and two of the most technologically sophisticated companies on

Carl B. Johnson May 06, 2026 5 min read
Password Manager Benefits

Password Manager Benefits That Stop 80% of Breaches

The Breach That Started With "Company2024!" In January 2024, a mid-size healthcare company lost 2.3 million patient records. The root cause wasn't a sophisticated zero-day exploit. It wasn't a nation-state threat actor. It was an employee who reused the same password across their

Carl B. Johnson Apr 29, 2026 5 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Bypass Filters

In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes fakeemail schemes — caused over $2.9 billion in adjusted losses across roughly 21,489 complaints. That made it the single most financially damaging cybercrime category in the IC3's annual

Carl B. Johnson Apr 24, 2026 6 min read
Strong Passwords

How to Create a Strong Password That Actually Works

In 2023, a single reused password gave a threat actor access to 23andMe's credential-stuffing attack that exposed the data of nearly 7 million users. The attacker didn't exploit a zero-day vulnerability or deploy sophisticated malware. They just tried stolen passwords from other breaches — and millions of

Carl B. Johnson Apr 23, 2026 5 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Your Team Must Know

In 2023, a single spear phishing email cost MGM Resorts an estimated $100 million in losses. The attacker didn't blast a million inboxes with a generic "Your account has been suspended" message. They researched an employee on LinkedIn, called the IT help desk impersonating that person,

Carl B. Johnson Apr 22, 2026 5 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In 2023, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after receiving what appeared to be a legitimate video call and email chain from the company's CFO. It was all fake — the video was a deepfake, and the emails were

Carl B. Johnson Apr 17, 2026 5 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported that phishing — including fake mail delivered via email, text, and voice — was the most reported cybercrime category for the fifth consecutive year, with over 298,000 complaints. And that only accounts for what gets reported. In my experience,

Carl B. Johnson Apr 12, 2026 5 min read