Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Phishing Attack Examples

Phishing Attack Examples: 7 Real Breaches That Cost Millions

In March 2025, the FBI's Internet Crime Complaint Center reported that phishing remained the number one reported cybercrime for the fifth consecutive year. That stat alone should tell you everything about where threat actors are focusing their energy. But raw numbers don't teach your employees what

Carl B. Johnson Sep 22, 2025 7 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

The Attack That Cost MGM Resorts $100 Million Started With a Phone Call In September 2023, a threat actor called the MGM Resorts IT help desk, impersonated an employee they found on LinkedIn, and talked their way into a password reset. Within hours, the attackers had deployed ransomware across MGM&

Carl B. Johnson Sep 22, 2025 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider socially engineered its way past the help desk with a single phone call. But the reconnaissance that made that call possible? It started with spear phishing — targeted research, crafted messaging, and a specific human

Carl B. Johnson Sep 22, 2025 7 min read
Smishing Attack Examples

Smishing Attack Examples: 7 Real Texts That Steal Data

In March 2025, the FBI's IC3 warned that Americans lost over $470 million to phishing and smishing schemes in the prior reporting year — and text-based attacks were growing faster than any other vector. I've personally triaged incidents where a single SMS message led to a six-figure

Carl B. Johnson Sep 21, 2025 8 min read
Vishing Scam Awareness

Vishing Scam Awareness: Stop Voice Phishing Attacks

In March 2025, the FBI's Internet Crime Complaint Center reported that Americans lost over $12.5 billion to cybercrime in 2023 alone — and voice-based social engineering was one of the fastest-growing attack vectors. I've personally investigated cases where a single phone call cost an organization six

Carl B. Johnson Sep 21, 2025 6 min read
Social Engineering Attacks

Social Engineering Attacks: What Actually Works in 2025

In February 2025, a finance employee at a Hong Kong multinational wired $25 million to threat actors after a deepfake video call impersonating the company's CFO. That single incident captures the state of social engineering attacks right now: they're sophisticated, they exploit trust instead of technology,

Carl B. Johnson Sep 21, 2025 7 min read
Social Engineering Examples

Social Engineering Examples: 7 Real Attacks in 2025

In September 2023, a threat actor called Scattered Spider called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced a technician to reset credentials. The result: an estimated $100 million in losses, a ransomware lockout across casino floors and hotel systems, and weeks of

Carl B. Johnson Sep 21, 2025 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was a deepfake. The attackers never exploited a software vulnerability. They

Carl B. Johnson Sep 21, 2025 7 min read
Ransomware

How Ransomware Spreads: 7 Attack Vectors in 2025

In February 2024, Change Healthcare — the payment processor handling roughly one-third of all U.S. medical claims — was hit by the ALPHV/BlackCat ransomware group. The result: $872 million in direct costs reported by UnitedHealth Group, months of disrupted pharmacy operations, and the personal health data of over 100 million

Carl B. Johnson Jul 15, 2025 7 min read