Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Spoofing Caller

Spoofing Caller Attacks: How Criminals Fake Trust

In March 2024, the FBI's Internet Crime Complaint Center reported that Americans lost over $10 billion to cybercrime in 2023 — and a staggering portion of those losses started with a single phone call from a number the victim trusted. A spoofing caller doesn't need to hack

Carl B. Johnson Aug 19, 2024 7 min read
Spoofing

What Is Spoofing? The Attack Behind Most Breaches

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attackers had spoofed not just an email address or

Carl B. Johnson Aug 19, 2024 8 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

In January 2024, a finance worker at a multinational firm in Hong Kong transferred $25.6 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The entire operation was coordinated by

Carl B. Johnson Aug 14, 2024 6 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Works

Earlier this year, security researchers documented a surge in phishing campaigns that abuse legitimate DocuSign and PayPal infrastructure to deliver convincing attack emails. The twist? These messages aren't spoofed — they're actually sent through real PayPal and DocuSign servers. That's why PayPal DocuSign phishing attacks

Carl B. Johnson Aug 01, 2024 7 min read
Phishing Attack

Phishing Attack Anatomy: How Breaches Actually Start

In January 2024, a single phishing attack against Framework Computer exposed customer names, emails, and outstanding balances — all because one employee at an external accounting partner clicked a link in a convincing impersonation email. The attacker didn't hack a firewall. They didn't exploit a zero-day vulnerability.

Carl B. Johnson Jul 23, 2024 8 min read
Phishing News

Phishing News 2024: Attacks That Should Scare You

The Phishing Headlines Keep Getting Worse In January 2024, a finance worker at engineering firm Arup wired $25 million to threat actors after a deepfake video call that impersonated the company's CFO. That single incident captures everything terrifying about the current phishing news cycle: attacks are smarter, faster,

Carl B. Johnson Jul 23, 2024 6 min read
Phishing Scams

Phishing Scams: What Actually Works to Stop Them

In January 2024, a finance worker at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started with what every phishing scam starts

Carl B. Johnson Jul 23, 2024 8 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider social-engineered a help desk employee with a single phone call. The attackers had done their homework — they knew the employee's name, role, and enough personal detail to sound legitimate. That's not

Carl B. Johnson Jul 23, 2024 8 min read
Phishing

Define Phishing: What It Really Looks Like in 2024

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25.6 million to criminals after attending a deepfake video call where every other "participant" — including the CFO — was an AI-generated impersonation. That single incident redefines what phishing looks like today. If you still

Carl B. Johnson Jul 16, 2024 7 min read