Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Gmail Phishing Attacks

Gmail Sophisticated Attacks: FBI Phishing Warnings for 2022

The FBI Is Warning Gmail Users — And Most People Aren't Listening In March 2022, the FBI's Internet Crime Complaint Center (IC3) released its annual report showing that phishing — including attacks targeting Gmail users specifically — generated more victim complaints than any other cybercrime category. Over 300,000

Carl B. Johnson Oct 24, 2022 7 min read
Phishing Email

Phishing Email Attacks: What Actually Works to Stop Them

In March 2022, threat actors used a single phishing email to breach Okta through a third-party contractor's account. The fallout? Hundreds of downstream customers suddenly questioning whether their own environments were compromised. One email. One click. A cascading trust crisis that made headlines for weeks. That's

Carl B. Johnson Oct 18, 2022 6 min read
Phishing

Phishing Attacks in 2022: What Actually Works to Stop Them

The Typo That Costs Billions: Why "Phising" Leads You to the Right Problem Here's something I find fascinating: "phising" is one of the most common misspellings in cybersecurity search queries. Thousands of people type it every day looking for information about phishing — the attack

Carl B. Johnson Oct 18, 2022 7 min read
Vishing

FBI Warning on Vishing and Smishing: What to Do Now

The FBI Warning on Vishing and Smishing You Can't Afford to Ignore In January 2022, the FBI released an advisory warning that criminals were increasingly using voice phishing (vishing) and SMS phishing (smishing) to steal credentials, drain bank accounts, and breach corporate networks. This wasn't a

Carl B. Johnson Oct 18, 2022 7 min read
Phishing Scams

What Is a Phishing Scam? A Security Pro's Real Guide

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing was the number one cybercrime type in 2021 — with over 323,000 complaints filed by victims in a single year. That number dwarfed every other category. If you've ever asked what is a phishing

Carl B. Johnson Sep 22, 2022 8 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

A Single Email Cost Ubiquiti $46.7 Million In 2015, networking giant Ubiquiti Networks disclosed that employees had been tricked into wiring $46.7 million to overseas accounts controlled by attackers. The weapon wasn't malware or a zero-day exploit. It was email. If you've ever asked

Carl B. Johnson Sep 22, 2022 7 min read
Fake Emails

Fake Emails: How to Spot Them Before They Cost You

The $2.4 Billion Problem Sitting in Your Inbox In 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — a category driven almost entirely by fake emails — accounted for nearly $2.4 billion in adjusted losses. That made it the single costliest cybercrime type reported.

Carl B. Johnson Sep 22, 2022 7 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Breach Networks

The FakeEmail Problem Is Bigger Than You Think In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that covers most fakeemail schemes — accounted for $2.4 billion in adjusted losses in 2021 alone. That made it the single most financially damaging

Carl B. Johnson Sep 22, 2022 7 min read