Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

FakeEmail

FakeEmail Attacks: How Spoofed Messages Breach Networks

A Single FakeEmail Cost One Company $37 Million In 2024, Orion SA, a Luxembourg-based steel trading company, disclosed it lost approximately $60 million after an employee was tricked by a business email compromise scheme using fraudulent email communications. That same year, the FBI's IC3 received over 21,000

Carl B. Johnson Apr 05, 2019 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

A Single PayPal Email Cost One Business Owner $68,000 I got the call on a Tuesday morning. A small business owner in Ohio had received what looked like a routine PayPal dispute notification. She clicked the link, entered her credentials, and within four hours, a threat actor had drained

Carl B. Johnson Apr 05, 2019 8 min read
Spoofing Caller

Spoofing Caller Attacks: How to Detect and Stop Them

The Phone Call That Cost One Company $23.5 Million In 2024, a finance executive at a multinational firm in Hong Kong joined a video call with what appeared to be the company's CFO and several colleagues. Every face on screen was a deepfake. The voice on the

Carl B. Johnson Apr 01, 2019 7 min read
Phishing Links

What Is a Phishing Link? How to Spot and Stop Them

Last year, a finance director at a mid-sized logistics company clicked a link in what looked like a DocuSign notification. Fourteen seconds later, a threat actor had her Microsoft 365 credentials. Within two hours, the attacker had redirected a $380,000 wire transfer to an overseas account. The link she

Carl B. Johnson Apr 01, 2019 7 min read
Spoofing

What Is Spoofing? The Attack Behind Most Breaches

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints related to phishing and spoofing — making it the number one reported cybercrime category for the fifth year running. That wasn't a fluke. Spoofing is the backbone of almost every major social engineering campaign

Carl B. Johnson Apr 01, 2019 7 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported over $12.5 billion in losses from internet crime — a staggering 22% increase from the year before. Behind many of these losses weren't lone hackers in basements. They were organized groups running coordinated group online svindel

Carl B. Johnson Apr 01, 2019 7 min read
Phishing News

Phishing News: The Attacks Reshaping 2026 Security

A Single Phishing Email Just Cost a Healthcare System $65 Million If you follow phishing news, you already know the headlines keep getting worse. Change Healthcare's 2024 breach — triggered by compromised credentials and the absence of multi-factor authentication — led to a reported $22 billion disruption across the U.

Carl B. Johnson Mar 20, 2019 7 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that threat actors used spear phishing emails to impersonate executives and trick finance staff into wiring $46.7 million to overseas accounts. They eventually recovered some funds, but the damage was done. That wasn't a

Carl B. Johnson Mar 20, 2019 8 min read
Fake Identity Website

Fake Identity Website Threats: How to Spot and Stop Them

A Single Fake Identity Website Took Down a $200M Company's Reputation In 2023, the FBI's IC3 received over 880,000 complaints with potential losses exceeding $12.5 billion — and identity-related fraud was the single fastest-growing category. A huge chunk of that fraud starts at a fake

Carl B. Johnson Mar 20, 2019 7 min read