Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Phishing

Phishing Attacks in 2024: What Actually Works to Stop Them

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after a video call with what appeared to be the company's CFO. Every person on that call was a deepfake. The attack started the same way almost all of them do — with a

Carl B. Johnson Sep 18, 2024 7 min read
Phishing Scams

What Is a Phishing Scam? A Security Pro's Real Talk

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The whole operation started with a single phishing email.

Carl B. Johnson Sep 18, 2024 6 min read
Phishing Emails

How to Spot Phishing Emails: A Practical Guide

The Email That Cost One Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated cousin of phishing — accounted for over $2.9 billion in adjusted losses in 2023 alone. That's not a typo. And those are just

Carl B. Johnson Sep 11, 2024 8 min read
Phish Food

Phish Food: What Threat Actors Serve Your Employees

In May 2024, the FBI's Internet Crime Complaint Center released data showing that phishing was still the number one reported cybercrime — for the fifth year running. Over 298,000 complaints in 2023 alone. Despite billions spent on email filters and endpoint protection, threat actors keep winning because the

Carl B. Johnson Sep 11, 2024 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to criminals after a video call with what appeared to be the company's CFO. Every person on that call was a deepfake. It started, like almost every attack of its kind, with

Carl B. Johnson Sep 11, 2024 7 min read
Fake Emails

Fake Emails: How to Spot Them Before They Cost You

In June 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after receiving what appeared to be legitimate emails and even joining a deepfake video call with someone impersonating the company's CFO. The attack started with fake emails. Every single

Carl B. Johnson Sep 02, 2024 7 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Breach Networks

That Email From Your CEO? It Was a FakeEmail. In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million after attending a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a

Carl B. Johnson Aug 19, 2024 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

In January 2023, PayPal disclosed that threat actors had compromised nearly 35,000 user accounts through credential stuffing — not by breaking PayPal's systems, but by exploiting reused passwords harvested from other breaches. That incident made headlines, but it's the quieter, daily grind of PayPal phishing attacks

Carl B. Johnson Aug 19, 2024 6 min read