Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Dark Web

What Is the Dark Web? A Security Pro's Real Talk

Your Credentials Are Probably Already There In April 2021, a threat actor posted a database of 533 million Facebook user records — phone numbers, full names, locations, email addresses — on a popular dark web forum. For the price of nothing. Just sitting there, searchable. So what is the dark web, exactly,

Carl B. Johnson Sep 23, 2021 7 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: How Your Logins Get Sold

In April 2021, researchers discovered a database of 533 million Facebook user records — names, phone numbers, email addresses — freely circulating on a dark web forum. That same month, a compilation of 3.2 billion email-password pairs called "COMB" surfaced, aggregated from years of breaches. Stolen credentials on the

Carl B. Johnson Sep 23, 2021 7 min read
Identity Theft Protection

Identity Theft Protection for Businesses: A Field Guide

In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise and identity theft schemes cost U.S. organizations over $4.2 billion in 2020 alone — making it the single most expensive category of cybercrime. That number isn't slowing down. If you run

Carl B. Johnson Sep 16, 2021 7 min read
Multi-Factor Authentication

Authenticator App vs SMS Verification: Which Is Safer?

In February 2021, T-Mobile disclosed a data breach that exposed customer phone numbers and SIM information. That same month, the FBI's Internet Crime Complaint Center continued logging a surge in SIM swap complaints — a threat that directly undermines SMS-based two-factor authentication. If your organization still relies on text

Carl B. Johnson Sep 16, 2021 7 min read
Keylogger Attack

Keylogger Attack: How Hackers Steal Every Keystroke

In March 2021, security researchers discovered that the Agent Tesla keylogger had become one of the most prevalent malware families in the wild, appearing in phishing campaigns targeting organizations across every sector. This wasn't some exotic zero-day. It was a commodity keylogger attack tool that anyone could buy

Carl B. Johnson Sep 03, 2021 7 min read
Man in the Middle Attack

Man in the Middle Attack: How Hackers Steal Data

In January 2021, the FBI warned that cybercriminals were actively exploiting telecommuters by intercepting unencrypted network traffic — a textbook man in the middle attack. The shift to remote work didn't just expand the attack surface. It handed threat actors a golden opportunity to sit between employees and corporate

Carl B. Johnson Sep 03, 2021 7 min read
DNS Spoofing Attack

DNS Spoofing Attack: How Hackers Hijack Your Traffic

In April 2018, attackers hijacked the DNS records for Amazon's Route 53 service, redirecting traffic meant for MyEtherWallet.com to a malicious server in Russia. Users who typed the correct URL into their browsers still landed on a fake site. Within two hours, attackers stole roughly $150,000

Carl B. Johnson Sep 03, 2021 7 min read
Phishing

What Is Phishing? The Attack Behind 36% of Breaches

In March 2021, a massive phishing campaign impersonating Microsoft Office 365 hit over 10,000 mailboxes across the financial services sector in a single week. The emails were nearly flawless — correct logos, legitimate-looking sender domains, and urgent language about password expiration. Dozens of employees handed over their credentials before anyone

Carl B. Johnson Aug 31, 2021 7 min read