Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Removed Legitimate Software

Removed Legitimate Software: A Hidden Attack Vector

When Trusted Tools Become Trojan Horses In April 2021, security researchers at Kaspersky documented a campaign where threat actors took software that had been removed legitimate from vendor websites — discontinued, deprecated, or pulled due to vulnerabilities — and repackaged it with embedded malware. The attackers then hosted these poisoned versions on

Carl B. Johnson Aug 08, 2021 7 min read
Spoofing Caller

Spoofing Caller Attacks: How Hackers Weaponize Your Phone

In March 2021, the FBI's Internet Crime Complaint Center reported that Americans lost over $54 million to phone spoofing and vishing schemes in the previous year alone. That number was climbing. And it wasn't just grandparents falling for "IRS" calls — it was finance directors

Carl B. Johnson Aug 08, 2021 7 min read
Phishing Links

What Is a Phishing Link? How Attackers Steal Data

In July 2021, a single phishing link sent to an employee at a Florida IT management company led to the Kaseya ransomware attack — one of the largest supply chain compromises in history. Over 1,500 businesses were affected downstream. That's the reality of what a phishing link can

Carl B. Johnson Aug 08, 2021 7 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

A $12 Billion Problem You Can't Ignore In June 2021, Europol dismantled a massive fraud network spanning dozens of countries. The ring had siphoned millions from victims through coordinated romance scams, investment fraud, and business email compromise. This wasn't a lone hacker in a basement. It

Carl B. Johnson Jul 29, 2021 7 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How to Spot This Attack

Last month, a finance manager at a mid-sized logistics company received what looked like a routine DocuSign envelope — a payment authorization supposedly routed through PayPal. She clicked, entered her PayPal credentials on a pixel-perfect fake login page, and within 90 minutes, the attacker had initiated $38,000 in wire transfers.

Carl B. Johnson Jul 29, 2021 7 min read
Phishing Attack

Phishing Attack Anatomy: How Breaches Actually Start

In May 2021, a single phishing attack against Colonial Pipeline's legacy VPN account triggered the largest fuel supply disruption in U.S. history. One compromised credential. No multi-factor authentication. Five days of chaos across the Eastern Seaboard. That's what a phishing attack looks like when it

Carl B. Johnson Jul 13, 2021 7 min read
Phishing News

Phishing News: The Attacks Dominating 2021 So Far

2021's Phishing Landscape Is Unlike Anything We've Seen Before In March, Microsoft reported that a massive phishing campaign had targeted over 10,000 organizations since January 2021, using sophisticated OAuth token theft to bypass multi-factor authentication. That single campaign should have been a wake-up call. Instead,

Carl B. Johnson Jul 13, 2021 7 min read
Phishing Scams

Phishing Scams: What's Actually Working in 2021

The FBI's Internet Crime Complaint Center reported $4.2 billion in losses from cybercrime in 2020 — and phishing scams were the number one reported attack type, with 241,342 complaints. That's not a typo. Nearly a quarter of a million people filed formal complaints about phishing

Carl B. Johnson Jul 13, 2021 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In December 2020, the world learned that SolarWinds — a company whose software sat inside thousands of government and corporate networks — had been compromised by a sophisticated nation-state threat actor. The initial intrusion vector? Targeted, carefully crafted communications designed to exploit trust. If you're asking what is spear phishing,

Carl B. Johnson Jul 01, 2021 8 min read
Phishing

Define Phishing: What It Really Looks Like in 2021

In March 2021, a single phishing email led to the compromise of over 30,000 U.S. organizations through the Microsoft Exchange Server vulnerabilities. The attackers didn't need a sophisticated zero-day to get their initial foothold — they needed someone to click. If you're trying to define

Carl B. Johnson Jul 01, 2021 7 min read