Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Phish Food

Phish Food: What Makes Employees Easy Targets

Your Employees Are Phish Food — And Threat Actors Know It In March 2025, the FBI's Internet Crime Complaint Center (IC3) released its 2024 annual report showing over $16 billion in reported cybercrime losses — the highest figure ever recorded. Phishing and its variants topped the list of complaint types

Carl B. Johnson Dec 13, 2025 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started the same way nearly all of

Carl B. Johnson Dec 13, 2025 8 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Bypass Filters

In March 2025, a mid-size accounting firm in Ohio wired $1.2 million to a threat actor who sent a single spoofed email — a fakeemail that perfectly mimicked the CEO's display name, writing style, and even included a forwarded thread from a real conversation. The email passed every

Carl B. Johnson Dec 13, 2025 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

The Fake Invoice That Drained $1.4 Million In early 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes PayPal phishing attacks — generated over $2.9 billion in adjusted losses in 2023 alone. That number hasn't slowed down. One

Carl B. Johnson Dec 13, 2025 7 min read
Spoofing Caller

Spoofing Caller Attacks: How Criminals Fake Trust

In March 2025, the FBI's Internet Crime Complaint Center reported that Americans lost over $12.5 billion to cybercrime in 2023 alone — and phone-based fraud, driven largely by spoofing caller techniques, remains one of the fastest-growing categories. I've watched organizations with solid email security get gutted

Carl B. Johnson Dec 09, 2025 7 min read
Phishing Links

What Is a Phishing Link? How to Spot and Stop Them

In March 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after joining a video call that appeared to feature the company's CFO. The deepfake was convincing, but the attack started with something far simpler — a phishing link embedded

Carl B. Johnson Dec 09, 2025 7 min read
Spoofing

What Is Spoofing? The Attack Behind 90% of Breaches

In March 2025, the FBI's Internet Crime Complaint Center reported that spoofing-related fraud accounted for billions in losses across American businesses and individuals. Every major data breach investigation I've worked on in the past five years started the same way — someone trusted something that wasn'

Carl B. Johnson Dec 09, 2025 7 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

In January 2024, a finance employee at the multinational firm Arup wired $25 million to criminals after a deepfake video call featuring what appeared to be the company's CFO and several colleagues. Every person on that call was fake — AI-generated avatars operated by an organized fraud ring. That

Carl B. Johnson Dec 09, 2025 7 min read