Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Phishing Links

What Is a Phishing Link? How to Spot One Fast

In March 2024, a single phishing link in a spoofed Microsoft 365 email gave attackers access to the email accounts of several U.S. State Department employees. The link looked like a routine password-reset page. It wasn't. That one click led to weeks of unauthorized access before anyone

Carl B. Johnson May 23, 2026 5 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that attackers used carefully crafted emails impersonating company executives to trick finance employees into wiring $46.7 million to overseas accounts. The attackers didn't exploit a software vulnerability. They exploited trust. That's spear

Carl B. Johnson May 21, 2026 5 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

One Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider called the MGM Resorts help desk, impersonated an employee found on LinkedIn, and convinced IT staff to reset credentials. The result: ten days of operational chaos, encrypted systems, and an estimated $100 million in

Carl B. Johnson May 20, 2026 5 min read
Phishing Links

What Is a Phishing Link? How to Spot One Fast

In March 2024, a finance employee at a Hong Kong multinational wired $25 million to threat actors after clicking a single link in what appeared to be a routine email from the company's CFO. That link led to a deepfake video call — but it started with something deceptively

Carl B. Johnson May 18, 2026 6 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million in a single business email compromise attack. The attacker didn't blast out a million generic emails. They researched one finance executive, crafted one convincing message, and walked away with the money. That&

Carl B. Johnson May 17, 2026 5 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

The Email That Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million in a single business email compromise attack. A threat actor impersonated a senior executive, convinced a finance employee to change wire transfer details, and the money vanished. That attack started with something deceptively simple

Carl B. Johnson May 15, 2026 5 min read
DNS Spoofing

DNS Spoofing Attack: How Hackers Redirect Your Traffic

In April 2024, researchers at Akamai discovered a massive DNS hijacking campaign targeting financial institutions across Southeast Asia. Attackers poisoned DNS caches at the ISP level, silently redirecting thousands of banking customers to pixel-perfect phishing sites. Victims entered their credentials on pages that looked identical to their bank's

Carl B. Johnson May 14, 2026 5 min read
Phishing Definition

Phishing Definition: What It Really Means in 2026

In 2024, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. That number almost certainly undercounts reality. Most phishing attacks never get reported. If you've landed here searching for a phishing

Carl B. Johnson May 12, 2026 5 min read
Phishing

What Is Phishing? The Attack Behind 80% of Breaches

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to criminals after a video call with what appeared to be the company's CFO. Every person on that call was a deepfake. The attack started with a single phishing email. If

Carl B. Johnson May 10, 2026 5 min read
Trojan Horse Malware

Trojan Horse Malware: What It Really Does Inside Your Network

The Invoice That Took Down a Hospital Network In 2023, a hospital system in Illinois watched helplessly as Qakbot — a trojan horse malware strain — moved laterally through its entire Active Directory environment in under four hours. The initial infection? A single employee opened what looked like an overdue vendor invoice

Carl B. Johnson May 09, 2026 5 min read