The FBI’s 26th annual Internet Crime Report documents record-breaking cybercrime losses, but the numbers only tell part of the story. SpyCloud’s security research team unpacks the biggest findings across phishing, account takeover, BEC, ransomware, and the first-ever AI crime category, and connects the data to the identity exposures that made these attacks possible.
A passwordless world is not one without cyberattacks. Session hijacking is one example that defeats passkeys. We examine its growing popularity.
SpyCloud’s updated list of cybersecurity statistics highlights the most common types of cyberattacks, along with how to protect employees, vendors, & consumers.
Dig into the differences between these two common attack types, and how you can prevent account takeovers that stem from either one.
Displaced darknet communities have found a new home on Discord. See what’s being sold and traded – and learn what to do if you happen to come across these activities.
See how malware infection logs can help organizations spot fake North Korean IT workers engaging in employment fraud.
Criminals are ramping up to take advantage of retailers and customer accounts during peak holiday shopping season. Here’s what to have on your radar.
An analysis of the newly launched underground carding marketplace data against SpyCloud’s recaptured data shows the leaked information existed on the dark web prior to its recent disclosure – but does that make it any less powerful in the hands of a criminal?
Account opening fraud is a top-priority concern, especially for financial institutions. Being able to distinguish between legitimate users and fraudsters is critical to Know Your Customer (KYC) requirements.
Business email compromise (BEC), has been used to defraud businesses out of over $3 billion. Know what to look for in these types of scams.
The 2025 SpyCloud Identity Threat Report reveals a dangerous paradox. Read the report recap for a summary of findings, trends, and key benchmarks.
Here’s what you need to know about popular cracking tools including Vertex, Sentry MBA, SNIPR, and OpenBullet, along with custom and target-specific account checkers – plus how you can protect your users and yourself from attacks.
Uncover the latest identity security threats in the 2025 Identity Exposure Report. Learn how cybercriminals are exploiting stolen data and what you can do to stop them.
Redefining threat protection is crucial as attackers weaponize stolen identities. In this blog, learn how to go beyond user accounts to secure today’s expanding identity perimeter and reduce risk.
Headline-making breaches in 2024 exposed millions of records, compromising sensitive data. This blog explores what was stolen and the impact that has on security strategies to stay ahead.
Phishing campaigns continue to rise in popularity and effectiveness for cybercriminals. Here’s a breakdown of how it works and what.
The impacts of account takeover can affect your customer base and business long into the future, which is why prevention is so key. Here’s how SpyCloud helps organizations reduce ATO fraud.
Here we break down two phases of the MITRE ATT&CK Framework – Reconnaissance and Resource Development – and why it’s critical to account for stolen data in your detection and attack prevention strategies.
As threat actors pivot to next-gen tactics, traditional threat intelligence alone isn’t sufficient for safeguarding your critical assets and data.
SpyCloud Third Party Insight helps you prevent account takeover by monitoring your supply chain for breach and malware exposures and sharing that data to aid remediation efforts.
Our team was busy on the floor at Black Hat 2023, but we also had some time to attend sessions and talk industry with colleagues and friends. Here’s what we’re taking away from one of cybersecurity’s best events.
We uncovered a lot in feedback sessions with CISOs, so we offer even more insights around evolving authentication methods and ransomware defense vs. offense in the second blog in our series.
In ongoing conversations with CISOs, several topics stood out as top-of-mind for security leaders. We discuss their emerging concerns, including malware infection response and critical SOC team blind spots.
Despite being one of the oldest tricks in the cybercrime playbook, BEC scams continue to pose a significant threat to organizations, causing 64 times more losses than ransomware last year.
RSAC’s 2023 theme of Stronger Together rang true throughout the event, with discussions on how to tackle and safely evolve AI’s impact on cybersecurity, third-party risk management, and the path forward for the industry.
Bad actors can target your organization in all sorts of ways. Read on for some of the most common types of cyberattacks that should be on your organization’s radar.
Stolen credentials and malware infections put DIB suppliers at risk for account takeover and ransomware attacks. These organizations must take measures to secure credentials and meet CMMC requirements.
Our resident security research expert discusses malware trends – including why we’re finding screenshots of victims’ desktops among the exfiltrated data.
Unwitting insider threats create vulnerabilities that can lead to ransomware attacks. We discuss how ghost accounts and shadow IT impact enterprises and how to mitigate these risks.
Fraud experts from SpyCloud and Aite-Novarica tackle recent trends, the rise in ATO, synthetic identities, and malware, and how to level the playing field against fraudsters.
The stakes are high when it comes to protecting critical infrastructure. See the latest thinking on thwarting ransomware attacks against Utilities – and the ATO that often precedes them.
Synthetic identity fraud is a $20B problem, but it’s not impossible to prevent. We break down the 2 telltale signs. As it turns out, too much information is just as suspicious as not enough when it comes to detecting constructed identities.
When your password is exposed in a data breach, immediate action is necessary. We offer remediation steps and tips for creating strong passwords to secure online accounts.
Criminals are going omni-channel with Organized Retail Crime. Learn more about this type of fraud and see how the digital and physical worlds can collide to solve ORC cases.
The SpyCloud Research team takes an in-depth look at anti-detect browsers and how they are being leveraged alongside stolen credentials and cookies to bypass MFA and easily log into targeted accounts.
As online shopping continues to boom, both consumers and retailers should be aware of triangulation fraud. Learn more about this tactic, how it works, and how you (and your business) can avoid getting caught up in it.
In an interconnected business world where organizations depend on hundreds of separate technologies and vendors, third-party access offers a reliably weak spot in any security posture.
A look back at the threat landscape that experts were predicting over the last five years to see how the industry has changed – and what could be ahead.
Cybercrime and cybersecurity budgets are both on the rise. And yet, the largest security gaps for most organizations – solving for password reuse and remediating stolen credentials – are left wide open.
When it comes to identity theft, stolen phone numbers are often shrugged off. But the truth is, criminals want your phone numbers just as much as they want your passwords.
Telecom companies are rich in data and have huge numbers of customers, both of which make them valuable targets for fraudsters. They’re also heavily exposed in data breaches.
We’ve noticed a trend where media headlines equate data breaches & credential stuffing. The difference is critical for companies like Zoom, Nintendo, and Spotify, who made headlines in 2020 for the wrong reasons & suffered brand damage as a result.
Human nature makes us vulnerable to account takeover. Let’s dig into 3 very common bad habits and how they play into criminals’ hands.
Dictionaries, combolists, rainbow tables…We explain the terms used within online “cracking communities” and what they mean for us as defenders.
Since early April, attackers have compromised 160,000 Nintendo accounts. SpyCloud researchers have identified source code for an account checker tool that was custom-built to target Nintendo customers.
Shedding light on mobile threats as well as potential solutions including mobile threat defense, zero trust frameworks, and account takeover prevention measures.
The largest dark markets may have been seized, but they always seem to persist. Fortunately, they’re run by humans and humans make mistakes.
Our survey of IT security leaders found organizations are investing in layers of defense against authentication-based attacks, but it still isn’t enough. Here we discuss the issues with passwords, passkeys, and MFA + additional steps beyond these measures security teams can take to close the gaps in their defenses.
Lower-tier criminals are taking over fast food accounts to reap hot and fresh rewards–on your dime. By now you’ve probably heard us talk at length
Weak or reused passwords still pose a huge risk factor for account takeover but as newer authentication techniques evolve, criminals are adapting.
Credential stuffing attacks are on the rise. Learn more about how they’re done and what you can do to protect your organization.
Corporate account takeover is growing at an alarming rate. Find out what you should and shouldn’t do to prevent it.
Do you ever wonder how the dark web works? Do you know what tools provide protection from what can happen in the dark web? We’ll break it down.
New markets on the dark web represent a shift in how underground goods are bought and sold. What does history have to say about how new markets will fare?
