Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Fake Mailer

Fake Mailer Attacks: How Threat Actors Spoof Emails

In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — often launched using a fake mailer or spoofing tool — cost American organizations over $1.8 billion in 2020 alone. That made it the most financially damaging cybercrime category in the entire IC3 report, dwarfing

Carl B. Johnson Jul 01, 2021 7 min read
Web Security Best Practices

Web Security Best Practices: 12 Steps That Actually Work

In March 2021, a single misconfigured web server at a major airline exposed 4.2 million passenger records. Names, email addresses, passport numbers — all sitting in an unprotected cloud bucket. The fix would have taken about fifteen minutes. The breach response cost millions and took months. That's the

Carl B. Johnson Jun 01, 2021 6 min read
Cloud Computing Security

Cloud Computing Security: What Goes Wrong in Practice

Capital One Lost 100 Million Records Because of One Misconfigured Firewall In 2019, a former cloud services employee exploited a misconfigured web application firewall to steal the personal data of over 100 million Capital One customers and applicants. The breach cost Capital One over $80 million in fines from the

Carl B. Johnson May 18, 2021 6 min read
Phishing Emails

How Phishing Emails Work: The Psychology Behind the Click

A Pipeline Went Dark — Because One Person Clicked On May 7, 2021, Colonial Pipeline — the largest fuel pipeline in the United States — shut down operations after a ransomware attack. The disruption caused fuel shortages across the southeastern U.S. and triggered panic buying. While the full forensic details are still

Carl B. Johnson May 13, 2021 7 min read
Phishing Awareness Training

Phishing Awareness Training: What Actually Works in 2021

On May 7, 2021 — less than a week ago — Colonial Pipeline shut down 5,500 miles of fuel infrastructure after a ransomware attack that started with a single compromised credential. One password. No multi-factor authentication. An entire region's fuel supply disrupted. This is the kind of incident that

Carl B. Johnson May 13, 2021 7 min read
Phishing Attack Examples

Phishing Attack Examples: Real Incidents That Cost Millions

A Single Email Cost This Company $100 Million In 2019, a Lithuanian man named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than phishing emails. He impersonated a legitimate hardware vendor, sent fake invoices, and both tech giants paid up — for years.

Carl B. Johnson May 04, 2021 7 min read
Email Phishing Red Flags

Email Phishing Red Flags: 9 Signs You're Being Targeted

One Employee Missed the Red Flags — It Cost $2.3 Million In December 2020, a mid-sized manufacturing company in Ohio wired $2.3 million to what they believed was a long-standing supplier. The invoice looked perfect. The email address was off by a single character. Nobody caught it until the

Carl B. Johnson Apr 16, 2021 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

In 2020, a single spear phishing email sent to a Twitter employee gave attackers access to internal admin tools — and ultimately let them hijack verified accounts belonging to Barack Obama, Elon Musk, and Apple. The attackers walked away with over $100,000 in Bitcoin. That breach didn't start

Carl B. Johnson Apr 15, 2021 7 min read
Smishing Attacks

Smishing Attack Examples: Real Texts That Steal Data

In February 2021, the FBI warned that threat actors were sending fake text messages impersonating banks, delivery companies, and even state unemployment agencies — all designed to steal credentials and drain accounts. These weren't theoretical risks. The FBI's Internet Crime Complaint Center (IC3) reported over $54 million

Carl B. Johnson Apr 14, 2021 7 min read
Vishing Scam Awareness

Vishing Scam Awareness: Stop Voice Phishing Attacks

In January 2021, the FBI and CISA issued a joint advisory warning about a surge in vishing attacks targeting corporate employees working from home. Threat actors were calling employees directly, impersonating IT help desks, and convincing them to hand over VPN credentials. Within hours, attackers had access to internal networks,

Carl B. Johnson Apr 14, 2021 7 min read