Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Smishing Attacks

Smishing Attack Examples: Real Texts That Stole Millions

In February 2024, the FBI warned that threat actors stole over $10 billion through internet-enabled fraud in 2023 — and SMS-based phishing, commonly called smishing, was one of the fastest-growing attack vectors cited in the FBI IC3 annual report. If you think smishing is just a nuisance text from a fake

Carl B. Johnson Apr 08, 2024 7 min read
Vishing Scam Awareness

Vishing Scam Awareness: Stop Voice Phishing Attacks

The Phone Call That Cost One Company $25 Million In early 2024, a finance worker at engineering firm Arup was tricked into transferring $25 million after receiving a video call that appeared to include the company's CFO and other colleagues — all deepfake recreations. The attack started with a

Carl B. Johnson Apr 08, 2024 7 min read
Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $25 Million In early 2024, an employee at British engineering firm Arup joined a video call with what appeared to be the company's chief financial officer and several colleagues. Every face on the screen was a deepfake. The employee, convinced by

Carl B. Johnson Apr 08, 2024 7 min read
Social Engineering Examples

Social Engineering Examples: 7 Real Attacks That Worked

In September 2023, a teenager used a phone call to trick an MGM Resorts employee into resetting credentials. That single social engineering attack cost MGM an estimated $100 million. No malware exploit. No zero-day vulnerability. Just a convincing voice on the other end of a help desk line. If you

Carl B. Johnson Apr 08, 2024 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call where every other participant — including the CFO — was a deepfake. The attackers had studied publicly available footage, cloned voices and faces, and orchestrated an elaborate social engineering attack that

Carl B. Johnson Apr 07, 2024 7 min read
Ransomware

How Ransomware Spreads: 7 Paths Into Your Network

In September 2023, MGM Resorts lost an estimated $100 million after a social engineering phone call — just one phone call — gave threat actors the foothold they needed to deploy ransomware across the company's entire infrastructure. Slot machines went dark. Hotel key cards stopped working. Reservation systems collapsed. All

Carl B. Johnson Feb 09, 2024 7 min read
Data Breach

What Causes a Data Breach: 7 Root Causes Behind Every Attack

In September 2023, MGM Resorts International lost an estimated $100 million after a threat actor social-engineered a help desk employee with a single phone call. One conversation. That's all it took to cripple slot machines, hotel check-in systems, and digital room keys across Las Vegas for over a

Carl B. Johnson Jan 22, 2024 7 min read
Strong Passwords

How to Create a Strong Password That Actually Stops Hackers

In September 2023, a credential stuffing attack against 23andMe exposed the personal data of nearly 7 million users. The root cause wasn't some exotic zero-day exploit. It was reused, weak passwords. Attackers took credentials leaked from other breaches, tried them on 23andMe accounts, and walked right in. That&

Carl B. Johnson Jan 22, 2024 7 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The 23andMe Breach Started With Recycled Passwords In October 2023, genetic testing company 23andMe confirmed that attackers accessed roughly 6.9 million user profiles. The method wasn't some exotic zero-day exploit. It was credential stuffing — threat actors took username and password combinations leaked from other breaches and simply

Carl B. Johnson Jan 20, 2024 7 min read