Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Phishing Emails

How Phishing Emails Work: The Psychology Behind the Click

A Single Email Cost This Company $121 Million In 2019, a Lithuanian man was sentenced to five years in prison for phishing Google and Facebook out of over $121 million. His method wasn't a zero-day exploit or cutting-edge malware. It was emails. Carefully crafted, psychologically precise emails that

Carl B. Johnson May 26, 2022 7 min read
Phishing Awareness Training

Phishing Awareness Training: Why 82% of Breaches Start Here

The 2022 Verizon Data Breach Investigations Report landed last month, and one number should keep every business owner awake at night: 82% of breaches involved the human element. Phishing, stolen credentials, pretexting, human error — threat actors aren't picking locks. They're asking your employees to hold the

Carl B. Johnson May 26, 2022 7 min read
Phishing Email

How to Recognize a Phishing Email Before You Click

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing schemes were the most complained-about cybercrime in 2021, with over 323,000 victims — more than double the number from just two years prior. That stat doesn't surprise me. What surprises me is how many

Carl B. Johnson May 25, 2022 7 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Breaches That Cost Millions

In March 2022, Okta confirmed that the Lapsus$ threat actor group had compromised a support engineer's account — and the initial access vector was social engineering. One employee, one credential, and suddenly a company trusted by thousands of organizations was in the headlines. If you think phishing only targets

Carl B. Johnson May 25, 2022 7 min read
Phishing Prevention Tips

Phishing Prevention Tips That Actually Stop Attacks

The Phishing Email That Cost Ubiquiti $46.7 Million In 2015, networking giant Ubiquiti Networks disclosed that attackers used carefully crafted phishing emails to trick finance department employees into wiring $46.7 million to overseas accounts controlled by threat actors. The emails impersonated executives. They looked legitimate. And trained professionals

Carl B. Johnson May 25, 2022 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A Practical Guide

In March 2022, the threat actor group Lapsus$ breached Okta by compromising a single employee's credentials through a social engineering attack. One phished account. That's all it took to put thousands of downstream customers at risk. If you're wondering how to avoid phishing attacks,

Carl B. Johnson May 25, 2022 8 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — a direct descendant of spear phishing — cost organizations over $2.4 billion in 2021 alone. That number dwarfs ransomware losses. Yet most people I talk to still think phishing means a badly written email

Carl B. Johnson Apr 22, 2022 6 min read
Smishing Attacks

Smishing Attack Examples: Real Texts That Stole Millions

In February 2022, the FBI warned that Americans lost over $68 million to smishing and vishing scams in a single year — and that number only counted what victims actually reported to the FBI's IC3. The real figure is almost certainly multiples higher. I've spent the last

Carl B. Johnson Apr 22, 2022 8 min read
Vishing Scam Awareness

Vishing Scam Awareness: Stop Voice Phishing Cold

In July 2020, a teenager and two accomplices called Twitter employees, posed as IT staff, and convinced them to hand over internal credentials. Within hours, they'd hijacked 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and ran a Bitcoin scam that netted over $100,000 in

Carl B. Johnson Apr 21, 2022 7 min read
Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $100 Million In 2019, a UK-based energy company's CEO received a phone call from what he believed was his boss — the head of the parent company in Germany. The voice was perfect. The accent, the tone, the speech patterns — all spot

Carl B. Johnson Apr 21, 2022 7 min read