Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Bypasses Filters

A Legitimate DocuSign Email That Steals Your PayPal Credentials In November 2024, Avanan researchers documented a wave of attacks where threat actors sent phishing emails through DocuSign's actual platform — not spoofed emails, but real DocuSign notifications. The documents inside impersonated PayPal invoices requesting payment authorization for hundreds or

Carl B. Johnson Dec 05, 2025 7 min read
Phishing Attack

Phishing Attack Trends in 2025: What Actually Works Now

A Single Phishing Attack Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider impersonated an MGM Resorts employee during a help desk call. That single social engineering interaction led to a ransomware deployment that shut down slot machines, hotel key cards, and reservation systems across

Carl B. Johnson Dec 05, 2025 7 min read
Phishing News

Phishing News 2025: The Attacks Rewriting the Rules

A Single Phishing Email Cost One Company $60 Million In early 2025, Orion SA, a Luxembourg-based metals company, disclosed that a business email compromise (BEC) phishing attack had tricked employees into wiring approximately $60 million to attacker-controlled accounts. That's not a typo. One phishing campaign. Sixty million dollars.

Carl B. Johnson Nov 28, 2025 7 min read
Phishing Scams

Phishing Scams in 2025: What's Actually Working Now

The Phishing Email That Cost One Company $60 Million In January 2024, a finance employee at the engineering firm Arup wired $25 million after attending a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was a deepfake. That

Carl B. Johnson Nov 28, 2025 7 min read
Fake Identity Website

Fake Identity Website Threats: What You Need to Know

A Single Fake Identity Website Cost One Company $47 Million In early 2024, a finance employee at engineering firm Arup wired $25 million after joining a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was a deepfake. The

Carl B. Johnson Nov 13, 2025 7 min read
FBI Gmail Warning

FBI Gmail Warning: What You Need to Know in 2025

The FBI Gmail Alert That Should Have Changed How You Think About Email In late 2024, the FBI issued a stark warning: AI-driven phishing attacks targeting Gmail users had become so sophisticated that even technically savvy professionals were falling for them. The advisory wasn't hypothetical. It was based

Carl B. Johnson Nov 06, 2025 7 min read
Cloud Computing Security

Cloud Computing Security: What Goes Wrong in 2025

In January 2025, the Verizon Data Breach Investigations Report team was already tracking a sharp rise in cloud-specific intrusions — a trend that accelerated throughout the year. By mid-2025, roughly 45% of all breaches involved cloud assets, up significantly from prior years. If your organization moved to the cloud and assumed

Carl B. Johnson Sep 27, 2025 7 min read
Phishing Emails

How Phishing Emails Work: The Psychology Behind the Click

In March 2025, a finance director at a mid-sized manufacturing company wired $2.3 million to a bank account in Southeast Asia. The request came from what looked like the CEO's email — same signature, same tone, same thread about an acquisition they'd been discussing for weeks.

Carl B. Johnson Sep 27, 2025 8 min read
Phishing Awareness Training

Phishing Awareness Training: What Actually Works in 2025

In March 2025, a mid-size logistics company in the Midwest lost $2.3 million after a single employee clicked a fake DocuSign link. The attacker harvested credentials, pivoted into the company's financial systems, and initiated wire transfers over a long weekend. The employee had never received phishing awareness

Carl B. Johnson Sep 25, 2025 8 min read
Phishing Email

How to Recognize a Phishing Email Before You Click

The Email That Cost One Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that phishing and its variants remained the number one reported cybercrime by volume, with over 298,000 complaints in a single year. But here's the part that should keep

Carl B. Johnson Sep 25, 2025 8 min read