Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Spoofing

Spoofing Attacks: How Hackers Impersonate Your Trust

The CEO Who Wired $47 Million to a Criminal In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after threat actors spoofed the CEO's email and instructed a finance employee to wire funds for a fake acquisition. The employee believed the request was legitimate. The

Carl B. Johnson Apr 27, 2026 5 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

A Single Fraud Ring Stole $6 Million Before Anyone Noticed In 2023, the FBI's IC3 received over 880,000 cybercrime complaints with losses exceeding $12.5 billion — a 22% increase from the prior year. A growing share of those losses came from coordinated fraud operations, not lone hackers

Carl B. Johnson Apr 26, 2026 5 min read
Social Engineering Examples

Social Engineering Examples: Real Attacks Happening Now

A Teenager Breached Uber. No Malware Required. In September 2022, an 18-year-old compromised Uber's internal systems — not with a sophisticated zero-day exploit, but with a text message. The attacker bombarded an Uber contractor with multi-factor authentication push requests until the contractor finally approved one. From there, the threat

Carl B. Johnson Apr 22, 2026 6 min read
PayPal DocuSign Phishing

PayPal DocuSign Phishing: How This Scam Works

In late 2024, security researchers at Avanan documented a surge of phishing campaigns that weaponized legitimate DocuSign and PayPal infrastructure to deliver convincing credential theft attacks. The emails didn't come from spoofed domains. They came from the actual DocuSign and PayPal platforms — which is exactly why they sailed

Carl B. Johnson Apr 22, 2026 5 min read
Smishing Attack Examples

Smishing Attack Examples: Real Texts That Steal Data

The Text Message That Cost One Company $15 Million In 2022, threat actors hit Twilio with an SMS-based social engineering attack that compromised employee credentials and exposed data for over 160 customers. The attack didn't involve a sophisticated zero-day exploit. It started with a text message pretending to

Carl B. Johnson Apr 21, 2026 5 min read
Phishing Prevention

How to Avoid Phishing Attacks: A 2026 Survival Guide

Last March, a finance director at a mid-size logistics company wired $2.1 million to a threat actor who had spoofed the CEO's email address. The message looked perfect — right tone, right signature, right sense of urgency. The only thing wrong was the reply-to domain, off by a

Carl B. Johnson Apr 20, 2026 5 min read
Phish Tour

Phish Tour: A Guided Tour Through Modern Phishing

Welcome to the Phish Tour Nobody Asked For In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call. The threat actor convinced a help desk employee to reset credentials. Total estimated cost: over $100 million. That attack didn&

Carl B. Johnson Apr 17, 2026 5 min read
Shadow IT Risks

Shadow IT Risks: The Invisible Threat Draining Your Budget

A Marketing Team's Slack Alternative Nearly Took Down an Entire Hospital Network In 2023, a regional healthcare system discovered that its marketing department had been using an unapproved messaging platform for over 14 months. Nobody in IT knew. The platform stored patient-adjacent data with no encryption, no access

Carl B. Johnson Apr 16, 2026 5 min read