Tag

Credential Theft Prevention

Addresses the tactics attackers use to steal login credentials and the countermeasures organizations can deploy. Topics include multi-factor authentication, credential monitoring, dark web surveillance, secure authentication protocols, and employee awareness training.

posts

Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

Every Great Attack Starts With a Setlist In July 2021, a single phishing email gave a threat actor access to credentials at a Florida IT management firm, triggering the Kaseya VSA ransomware attack that cascaded to over 1,500 businesses worldwide. One click. One employee. One email that someone didn&

Carl B. Johnson Aug 31, 2021 7 min read
Spoofing

What Is Spoofing? The Attack Behind Most Breaches

In July 2020, attackers spoofed internal Twitter tools to hijack 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and ran a Bitcoin scam that netted over $100,000 in hours. The attack didn't rely on some exotic zero-day exploit. It relied on spoofing: making something fake

Carl B. Johnson Aug 08, 2021 7 min read
AI Phishing Attacks

Gmail Users Warned About Sophisticated AI-Driven Phishing

Last month, a finance director at a mid-sized logistics company received a Gmail message that looked exactly like a Google Workspace security alert. The branding was pixel-perfect. The language was flawless. The sender address passed a casual glance test. She clicked, entered her credentials, and within 90 minutes a threat

Carl B. Johnson Jul 29, 2021 7 min read
Spear Phishing vs Phishing

Spear Phishing vs Phishing: What Actually Gets You Hacked

In 2020, Twitter lost control of 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — because a 17-year-old used spear phishing to trick a handful of Twitter employees into handing over internal credentials. The attackers didn't blast a million inboxes with a generic "Your account has

Carl B. Johnson May 04, 2021 6 min read
Phishing Simulation Training

Phishing Simulation Training: Why 97% of Users Fail

In March 2021, a single phishing email led to a credential theft incident at a mid-size manufacturing firm in Ohio. The attacker impersonated the CEO, asked the controller to update direct deposit information, and walked away with $1.7 million. The email had two typos, a slightly wrong domain, and

Carl B. Johnson May 04, 2021 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A Practical Guide

In December 2020, the Treasury Department and the Department of Commerce confirmed they'd been breached through a supply chain attack that started, in part, with carefully crafted phishing emails targeting key personnel. If federal agencies with dedicated security teams can get caught, your organization isn't immune

Carl B. Johnson Apr 15, 2021 7 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

In March 2020, a single phishing email led to a credential theft incident at Magellan Health that exposed data on 365,000 patients. The attacker impersonated a Magellan executive, tricked one employee, and spent five days inside the network before anyone noticed. A functioning phishing awareness program might have stopped

Carl B. Johnson Apr 15, 2021 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In July 2020, a teenager convinced Twitter employees to hand over internal credentials through a phone-based social engineering attack. The result: hijacked accounts belonging to Barack Obama, Elon Musk, Joe Biden, and Apple — broadcasting a Bitcoin scam to hundreds of millions of followers. The attacker didn't exploit a

Carl B. Johnson Apr 12, 2021 7 min read
Password Manager Benefits

Password Manager Benefits: Why Pros Won't Work Without One

The Breach That Started With a Sticky Note In 2020, a senior employee at a Florida water treatment facility reportedly reused passwords across multiple systems — including the one controlling sodium hydroxide levels in the public water supply. That incident, disclosed in early February 2021, showed exactly how a single weak

Carl B. Johnson Jan 14, 2021 6 min read
Multi-Factor Authentication

MFA vs Two-Factor Authentication: What Actually Matters

In July 2020, a teenager orchestrated one of the most high-profile breaches in social media history — the Twitter hack that compromised accounts belonging to Barack Obama, Elon Musk, and Apple. The attack vector? Social engineering and credential theft that bypassed weak authentication controls. It was a brutal reminder that passwords

Carl B. Johnson Jan 11, 2021 6 min read