Delivers actionable advice on recognizing and preventing phishing attacks, including email phishing, spear phishing, smishing, and vishing. Covers detection techniques, employee training approaches, email security tools, and real-world phishing examples to strengthen your defenses.
posts
In 2023, a single reused password gave threat actors access to 23andMe's credential-stuffing attack, exposing the genetic data of nearly 7 million users. The attackers didn't exploit some exotic zero-day vulnerability. They just tried stolen username-password pairs from other breaches — and millions of them worked. If
In 2024, a single set of stolen Snowflake credentials led to the breach of over 165 organizations — including Ticketmaster and AT&T — exposing hundreds of millions of customer records. The root cause wasn't some exotic zero-day exploit. It was reused passwords without multi-factor authentication. Every one of
In 2023, MGM Resorts lost an estimated $100 million after a threat actor bypassed their security by social engineering the help desk into resetting an employee's credentials — credentials that lacked properly enforced multi-factor authentication at critical junctures. That single phone call cascaded into one of the most expensive
A Single Stolen Password Cost This Company Everything In May 2021, a single compromised password shut down Colonial Pipeline and triggered fuel shortages across the U.S. East Coast. The attackers used a leaked VPN credential — one that had no multi-factor authentication protecting it. That one missing layer of security
The 24 Billion Stolen Passwords Sitting on the Dark Web Researchers at Digital Shadows found over 24 billion username-and-password combinations circulating on dark web marketplaces. That number keeps climbing. If you're still asking why use a password manager, the stolen credential economy already answered for you — your reused
The 80% Problem Nobody Wants to Talk About The 2024 Verizon Data Breach Investigations Report found that stolen credentials were involved in roughly 31% of all breaches over the past decade — and that human-element breaches, including credential theft and phishing, accounted for nearly 68% of incidents in their latest dataset.
In 2022, a former employee at Cash App's parent company, Block Inc., downloaded reports containing the personal information of over 8 million customers — months after they'd left the company. The access was never revoked. No alarm was triggered. The breach wasn't discovered until the
In 2023, a single remote employee at a major casino operator received a phone call from someone claiming to be IT support. That social engineering attack — a vishing call lasting roughly ten minutes — gave threat actors the foothold they needed to deploy ransomware across MGM Resorts' entire network, causing
In 2023, MGM Resorts lost roughly $100 million after a threat actor social-engineered their way past an IT help desk employee — with a single phone call. The attacker didn't exploit a zero-day vulnerability. They didn't brute-force a password. They just talked their way in. And the
The Policy Gathering Dust in Your Shared Drive In 2023, the city of Dallas was hit by a Royal ransomware attack that crippled municipal services for weeks. Investigators traced the initial access back to a service account and poor access controls — exactly the kind of risk a well-enforced acceptable use
