Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Phishing

What Is Phishing? A Security Pro's Real-World Guide

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. And those are just the ones people actually reported. If you're asking what is phishing, you're asking the

Carl B. Johnson May 30, 2026 6 min read
Social Engineering Attacks

Social Engineering Attacks: Why Humans Are the #1 Target

In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider social-engineered the company's IT help desk with a single phone call. The attacker impersonated an employee, convinced the help desk to reset credentials, and within hours had burrowed deep enough to deploy ransomware

Carl B. Johnson May 30, 2026 6 min read
Dark Web

What Is the Dark Web? A Security Pro's Honest Guide

Your Employees' Passwords Are Probably Already There In 2024, the FBI's Internet Crime Complaint Center (IC3) reported over 880,000 complaints with potential losses exceeding $12.5 billion — and a significant chunk of that activity traces back to credentials and data bought and sold on the dark

Carl B. Johnson May 29, 2026 5 min read
Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now #1 Target

Your Employees' Phones Are the Weakest Link In March 2024, MGM Resorts was still dealing with the fallout of a social engineering attack that started with a simple phone call. But here's what most people missed in the post-incident analysis: the reconnaissance that made that attack possible

Carl B. Johnson May 29, 2026 5 min read
Fake Mail

Fake Mail: How Threat Actors Exploit Your Inbox in 2026

The $4.88 Million Problem Sitting in Your Inbox Right Now In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — essentially sophisticated fake mail — cost victims over $2.9 billion in a single year. That wasn't a spike. It was a trend.

Carl B. Johnson May 28, 2026 5 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, pretended to be an employee, and talked their way into a password reset. No malware. No zero-day exploit. Just a phone call and a convincing story. That single incident shut down slot machines,

Carl B. Johnson May 26, 2026 6 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: What Happens After a Breach

In June 2024, researchers at SpyCloud reported that over 17.3 billion credentials were circulating on underground marketplaces. That's not a theoretical number from a think tank. That's the real inventory of stolen credentials on the dark web — usernames, passwords, session tokens, and API keys — available

Carl B. Johnson May 25, 2026 5 min read
Phish Tour

Phish Tour: Mapping the Anatomy of a Phishing Attack

Welcome to the Phish Tour: How a Single Email Becomes a Full-Blown Breach In March 2023, the FBI's IC3 received over 298,000 complaints related to phishing schemes — more than any other cybercrime category by a wide margin. That number has only climbed since. Yet most people still

Carl B. Johnson May 24, 2026 5 min read