Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Phishing

Phish: Why Employees Still Take the Bait in 2022

A Single Phish Cost Twilio 163 Million User Records In August 2022, Twilio — a company that powers authentication for thousands of apps — confirmed that attackers used SMS-based phishing to compromise employee credentials. That single phish gave threat actors access to data from 163 customer accounts, which cascaded into a breach

Carl B. Johnson Dec 25, 2022 6 min read
Fake Email

Fake Email: How to Spot It Before It Costs You

In March 2022, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — attacks built on a single convincing fake email — caused $2.4 billion in adjusted losses in 2021 alone. That made it the most financially devastating cybercrime category in the entire FBI IC3 annual report.

Carl B. Johnson Dec 25, 2022 6 min read
Phishing

Phishing in 2022: What Actually Works to Stop It

Twilio disclosed in August that a phishing campaign tricked its employees into handing over credentials via SMS, exposing data tied to over 130 organizations — including Signal users. A few weeks later, Uber suffered a breach when an attacker used social engineering to fatigue an employee with multi-factor authentication push requests

Carl B. Johnson Dec 18, 2022 6 min read
Smishing

FBI Warning on Smishing Texts: How to Protect Yourself

In early 2022, the FBI issued a stark warning: cybercriminals were registering over 10,000 malicious domains specifically designed to support SMS phishing — or "smishing" — campaigns targeting American consumers. These weren't sloppy, typo-filled messages from a decade ago. They were polished, urgent, and devastatingly effective. The

Carl B. Johnson Dec 18, 2022 6 min read
Phishing Definition

Phishing Definition: What It Really Means in 2022

Twilio, a company with a sophisticated security team and a tech-savvy workforce, got phished in August 2022. Attackers sent SMS messages to employees pretending to be the IT department, directing them to a fake login page. The result: compromised credentials, unauthorized access to customer data, and a breach that rippled

Carl B. Johnson Nov 21, 2022 6 min read
Phishing Definition

Definition of a Phishing Attack: What It Really Looks Like

In March 2022, the hacking group Lapsus$ breached Okta by phishing a single contractor's credentials. That one successful social engineering attack gave threat actors access to systems used by thousands of companies worldwide. If you're searching for the definition of a phishing attack, that incident is

Carl B. Johnson Oct 24, 2022 7 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Bypass Your Defenses

In March 2022, the threat actor group Lapsus$ breached Okta by spear phishing a single support engineer at a third-party contractor. That one compromised account gave the attackers a foothold that ultimately affected roughly 366 Okta customers. Not a mass email blast. Not a Nigerian prince scam. One carefully researched,

Carl B. Johnson Oct 24, 2022 7 min read
Spoofing

Spoof Attacks: How Threat Actors Fake Their Way In

A Single Spoof Email Cost This Company $121 Million In 2019, Toyota Boshoku Corporation disclosed that a subsidiary lost $37 million after an attacker used a spoofed email to impersonate a senior executive and authorize a fraudulent wire transfer. That wasn't an isolated case. Business email compromise (BEC)

Carl B. Johnson Oct 24, 2022 7 min read
AI Phishing Attacks

FBI Warns Gmail Users of AI-Driven Phishing Attacks

The FBI Warns Gmail Users of Sophisticated AI-Driven Phishing Attacks — And Most People Aren't Ready Earlier this year, the FBI's Internet Crime Complaint Center (IC3) reported that phishing schemes — including business email compromise — accounted for over $2.7 billion in adjusted losses in 2021 alone. Now,

Carl B. Johnson Oct 24, 2022 7 min read