Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

AI Phishing Attacks

FBI Warns Gmail Users of AI-Driven Phishing Attacks

In May 2025, the FBI issued a stark warning: sophisticated AI-driven phishing attacks are now targeting Gmail's 2.5 billion users with emails so convincing that even seasoned IT professionals are getting fooled. The FBI warns Gmail users of sophisticated AI-driven phishing attacks that leverage generative AI to

Carl B. Johnson Dec 27, 2025 7 min read
Phishing

Phishing Attacks in 2025: What Actually Works to Stop Them

In January 2025, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. The attack started the same way almost all of them do — with a phishing email. If you'

Carl B. Johnson Dec 27, 2025 7 min read
Phishing Scams

What Is a Phishing Scam? A Real-World Guide for 2025

In January 2024, a finance employee at British engineering firm Arup transferred $25 million to threat actors after joining a video call with what appeared to be the company's CFO and other colleagues — all of them deepfake recreations. The attack started the way most do: with a phishing

Carl B. Johnson Dec 27, 2025 7 min read
Phish Food

Phish Food: What Makes Employees Easy Targets

Your Employees Are Phish Food — And Threat Actors Know It

In March 2025, the FBI's Internet Crime Complaint Center (IC3) released its 2024 annual report showing over $16 billion in reported cybercrime losses — the highest figure ever recorded. Phishing and its variants topped the list of complaint types

Carl B. Johnson Dec 13, 2025 7 min read
Phishing Attacks

What Is a Phishing Attack? A Real-World Breakdown

In January 2024, a finance employee at engineering firm Arup wired $25 million to criminals after joining a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The attack started the same way nearly all of

Carl B. Johnson Dec 13, 2025 8 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Bypass Filters

In March 2025, a mid-size accounting firm in Ohio wired $1.2 million to a threat actor who sent a single spoofed email — a fakeemail that perfectly mimicked the CEO's display name, writing style, and even included a forwarded thread from a real conversation. The email passed every

Carl B. Johnson Dec 13, 2025 7 min read
PayPal Phishing Attacks

PayPal Phishing Attacks: How to Spot and Stop Them

The Fake Invoice That Drained $1.4 Million

In early 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes PayPal phishing attacks — generated over $2.9 billion in adjusted losses in 2023 alone. That number hasn't slowed down. One

Carl B. Johnson Dec 13, 2025 7 min read
Spoofing Caller

Spoofing Caller Attacks: How Criminals Fake Trust

In March 2025, the FBI's Internet Crime Complaint Center reported that Americans lost over $12.5 billion to cybercrime in 2023 alone — and phone-based fraud, driven largely by spoofing caller techniques, remains one of the fastest-growing categories. I've watched organizations with solid email security get gutted

Carl B. Johnson Dec 09, 2025 7 min read