Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Phishing

What Is Phishing? A Security Pro's Real-World Guide

A Single Email Cost This Company $121 Million In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $121 million from Google and Facebook. His weapon wasn't malware. It wasn't a zero-day exploit. It was phishing — forged emails impersonating a legitimate hardware vendor,

Carl B. Johnson Jun 29, 2026 6 min read
Phishing Links

What Is a Phishing Link? How to Spot and Stop Them

Last year, a mid-size accounting firm in Ohio lost $1.2 million after a single employee clicked one link in a spoofed Microsoft 365 email. The link looked like a routine password-reset page. It wasn't. Within 90 minutes, a threat actor had harvested credentials, bypassed weak authentication, and

Carl B. Johnson Jun 28, 2026 5 min read
Keylogger Attack

Keylogger Attack: How Hackers Steal Every Keystroke

In 2023, the FBI dismantled a cybercriminal operation that used the Snake malware — a sophisticated keylogger that had quietly exfiltrated credentials from government networks across 50 countries for nearly two decades. Every password. Every internal message. Every classified document typed into a keyboard. That's the reality of a

Carl B. Johnson Jun 28, 2026 5 min read
Dark Web Monitoring

Dark Web Monitoring for Businesses: A Practical Guide

Your Employees' Credentials Are Already for Sale In March 2024, AT&T confirmed that data from approximately 73 million current and former customers appeared on the dark web. That breach didn't happen overnight — the data had been circulating in underground markets for years before anyone noticed.

Carl B. Johnson Jun 25, 2026 5 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Steals Millions

The Phishing Email That Came From PayPal's Own Servers In late 2024, security researchers at Avanan documented a campaign where threat actors sent phishing invoices through PayPal's actual invoicing system — meaning the emails passed SPF, DKIM, and DMARC checks flawlessly. The same tactic has since merged

Carl B. Johnson Jun 24, 2026 5 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Scams Still Working

The Email That Cost One Company $121 Million In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $121 million from Google and Facebook using nothing more than fake invoices and spoofed email addresses. No zero-day exploits. No sophisticated malware. Just phishing emails that looked like they

Carl B. Johnson Jun 21, 2026 6 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported over $12.5 billion in losses from internet crime — a record high driven largely by organized criminal groups running coordinated fraud operations. These aren't lone hackers in basements. They're structured teams with defined roles,

Carl B. Johnson Jun 19, 2026 5 min read