Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Phishing

Phishing in 2026: What's Actually Working Against It

The Threat That Refuses to Die In January 2025, the FBI's Internet Crime Complaint Center (IC3) released its annual report showing that phishing and its variants remained the number one reported cybercrime by volume — for the fifth consecutive year. Over 298,000 complaints. That number only counts the

Carl B. Johnson Jan 18, 2026 7 min read
Smishing

FBI Warning on Smishing Texts: What You Must Do Now

In December 2025, the FBI issued a stark public warning: delete suspicious text messages immediately. The advisory specifically called out a wave of smishing texts — SMS-based phishing attacks — targeting Americans with fake toll road notices, package delivery scams, and fraudulent financial alerts. The bureau's Internet Crime Complaint Center

Carl B. Johnson Jan 18, 2026 7 min read
Phish Tour

Phish Tour: A Guided Walk Through Modern Attacks

Welcome to the Phish Tour Nobody Asked For In March 2025, a finance employee at a mid-size manufacturing firm received a Microsoft Teams message from someone impersonating the CFO. The message included a link to a SharePoint page that looked flawless. Within 90 seconds, the employee entered their credentials. Within

Carl B. Johnson Jan 18, 2026 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2026

In May 2025, the FBI's Internet Crime Complaint Center reported that phishing was — for the ninth consecutive year — the most-reported cybercrime category, with over 300,000 complaints in a single year. That number only counts the people who bothered to report it. The real volume is staggering. Yet

Carl B. Johnson Jan 17, 2026 7 min read
Phishing

Definition of a Phishing Attack: What It Really Looks Like

The MGM Breach Started With a Single Phone Call In September 2023, a threat actor called the MGM Resorts help desk, pretended to be an employee, and talked their way into a credential reset. Within hours, the Scattered Spider group had deep access to MGM's systems. The result:

Carl B. Johnson Jan 17, 2026 7 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Beat Your Defenses

In September 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider used a spear phishing voice call — a single, well-researched phone call to the company's IT help desk — to compromise the entire organization. The attacker already knew the target employee's name,

Carl B. Johnson Jan 17, 2026 8 min read
AI Phishing Attacks

FBI Warns Gmail Users of AI-Driven Phishing Attacks

In May 2025, the FBI issued a stark warning: sophisticated AI-driven phishing attacks are now targeting Gmail's 2.5 billion users with emails so convincing that even seasoned IT professionals are getting fooled. The FBI warns Gmail users of sophisticated AI-driven phishing attacks that leverage generative AI to

Carl B. Johnson Dec 27, 2025 7 min read
Phishing

Phishing Attacks in 2025: What Actually Works to Stop Them

In January 2025, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. The attack started the same way almost all of them do — with a phishing email. If you'

Carl B. Johnson Dec 27, 2025 7 min read
Phishing Scams

What Is a Phishing Scam? A Real-World Guide for 2025

In January 2024, a finance employee at British engineering firm Arup transferred $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues — all of them deepfake recreations. The attack started the way most do: with a phishing

Carl B. Johnson Dec 27, 2025 7 min read