Real Threats. Real Families. Real Consequences.

$944,000 stolen from retirement accounts

55,000+ families' cameras compromised

44% recovery rate after 2+ years

Source: FTC, DOJ, and court records

These aren't hypothetical scenarios or scare tactics. Every case on this page is documented, verified, and sourced from FTC enforcement actions, Department of Justice prosecutions, and court records.

Understanding how these attacks actually work is the first step to making sure you're not next.

Smart Home Attacks

Your security cameras and baby monitors can become surveillance tools—for someone else.

55,000+ Victims | $5.8M FTC Settlement | 2019-2023

Ring Camera Breach — 55,000 Families Exposed

An 87-year-old woman was sexually harassed through her own bedroom camera by a stranger who had taken control of her Ring device. Children were taunted with racial slurs in their own homes. Families received death threats whispered through the speakers of cameras they had installed for protection. This wasn't a sophisticated nation-state attack—it was credential stuffing, where hackers used passwords stolen from other breaches to log into Ring accounts.

The FTC investigation revealed that Ring's security practices were so negligent that employees and contractors had unrestricted access to customer videos, and the company failed to implement basic security measures until after thousands of families had been victimized. Ring's parent company Amazon paid $5.8 million to settle the charges, but for the families whose most private moments were violated, no settlement can undo what happened.

Source: FTC Enforcement Action, May 2023

What Would Have Prevented This

A password manager ensures unique credentials for every account, so credential stuffing fails. MFA blocks unauthorized logins even if passwords are compromised. Network segmentation isolates cameras so that compromised devices can't access your main network.

11+ Families Targeted | Armed SWAT Response | 2020-2021

Ring Swatting Attacks — Armed Police Sent to Innocent Families

Hackers compromised Ring cameras, then called 911 to report fake emergencies—hostage situations, shootings, bomb threats—at the victims' homes. When armed SWAT teams arrived with weapons drawn, the hackers watched through the hijacked cameras, taunting both the terrified families and the police officers through the speakers. In some cases, they live-streamed the chaos to online audiences for entertainment.

Two men, Kya Christian Nelson of Arizona and James Thomas Andrew McCarty of North Carolina, were prosecuted for orchestrating at least eleven of these attacks across multiple states. The victims included families with young children who found themselves face-down on their own floors at gunpoint while a stranger's voice mocked them through their security camera. McCarty pleaded guilty to federal charges and faces years in prison.

Source: DOJ Press Release, December 2022

What Would Have Prevented This

The attack chain requires account compromise first. A password manager plus MFA blocks the initial takeover. Without camera access, there's no swatting entertainment value, and attackers move to easier targets.

1 Family | 30+ Days Compromised | Infant Targeted

Baby Monitor Intrusion — A Month of Surveillance

A family in Searcy, Arkansas discovered that a stranger had been talking to their infant through their baby monitor—not once, but repeatedly over the course of an entire month. The hacker had also been manipulating the camera, moving it to watch the parents in their bedroom. The family only discovered the breach when they noticed the camera moving on its own.

This wasn't a technical exploit requiring advanced skills. The monitor used default or weak credentials, and the family had placed it on their main home network alongside all their other devices. The intruder had a front-row seat to the family's most intimate moments for weeks before anyone noticed something was wrong.

Source: News reports, Searcy, Arkansas, 2019

What Would Have Prevented This

A password manager eliminates weak or default credentials. Network segmentation places IoT devices on an isolated network, so even if compromised, they cannot see your computers, phones, or other devices. The attacker gets a camera that leads nowhere.

Retirement Theft

Hackers are targeting 401(k)s and IRAs because that's where the money is—and the security often isn't.

$245,000 Stolen | $108,000 Recovered | 2+ Years Fighting

Heide Bartnett — $245,000 Gone in Days

Heide Bartnett of Darien, Illinois opened her 401(k) statement and discovered her retirement savings had vanished. A hacker had used the "Forgot Password" feature on the benefits administrator's website, received a one-time code via email, and gained full access to her account. They added their own bank account, initiated a distribution, and walked away with $245,000—a lifetime of savings.

The attack succeeded because there was no multi-factor authentication protecting the account. The hacker didn't need to guess her password or break any encryption. They simply exploited a password reset flow that sent verification to an email account they had already compromised. Bartnett filed a federal lawsuit against Abbott Laboratories and benefits administrator Alight Solutions. Two years later, she had recovered only $108,000. The rest may be gone forever.

Source: Wall Street Journal, Chicago Tribune, Federal Lawsuit

What Would Have Prevented This

MFA via an authenticator app (not email or SMS) stops the attack cold. Even with email access, the hacker cannot generate the time-based code from your authenticator. A password manager ensures your email itself isn't compromised through credential reuse.

$200,000 Stolen | Retirement Account | ~2020

Massachusetts Woman — $200,000 Retirement Drained

A Massachusetts woman discovered her retirement account had been systematically drained of $200,000. Like other victims, she had no idea anything was wrong until the money was already gone. The attackers followed the same playbook: compromise the account through weak authentication, change the banking details, and initiate withdrawals before anyone notices.

These attacks succeed because retirement accounts are checked infrequently—often quarterly or less—giving criminals weeks or months to operate undetected. By the time victims discover the theft, the money has been laundered through multiple accounts and is virtually unrecoverable. Federal law provides no guarantee that stolen retirement funds will be restored.

Source: Salem News

What Would Have Prevented This

MFA via an authenticator app requires physical possession of your device for every login. A password manager eliminates the credential reuse that enables initial account compromise. These attacks are crimes of opportunity; proper authentication makes you a hardened target.

$99,000 Stolen | 3 Unauthorized Distributions | Federal Lawsuit

California Woman — $99,000 Stolen in Three Withdrawals

A California woman filed a federal lawsuit after discovering that $99,000 had been stolen from her 401(k) account through three separate unauthorized distributions: $12,000 in September 2016, then $37,000 and $50,000 in October 2016. The thieves didn't take everything at once—they tested with a smaller withdrawal first, then escalated when no alarms were triggered.

The lawsuit named the plan sponsor, administrator, and related parties for failing to implement adequate security measures. The case highlighted a disturbing reality: retirement account administrators often have weaker security than your average social media platform. And unlike credit card fraud, there's no federal guarantee that stolen retirement funds will be replaced.

Source: Bloomberg Tax, Federal Lawsuit (N.D. California)

What Would Have Prevented This

MFA blocks unauthorized access regardless of whether criminals have your password. The pattern of "test withdrawal followed by larger theft" only works when attackers can log in freely. With authenticator-based MFA, the first attempt fails and triggers an alert.
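The sequences described in the Bartnett case (password reset, new bank account, distribution) and in this case (a small withdrawal followed by larger ones) can also be flagged on the administrator's side. The following is an added example, not code from any plan administrator: the event names, time windows and timestamps are assumptions, and the sample events are constructed, with only the three amounts taken from the case above.

```python
from datetime import datetime, timedelta

RESET_WINDOW = timedelta(hours=24)      # assumed: payee change this soon after a reset is suspect
COOLING_OFF = timedelta(days=30)        # assumed: hold payouts to newly linked bank accounts
ESCALATION_WINDOW = timedelta(days=60)  # assumed: look-back for growing payouts

# Constructed audit events for one hypothetical account (not real records).
EVENTS = [
    ("2016-09-01T09:12", "password_reset", {"channel": "email"}),
    ("2016-09-01T09:20", "bank_account_added", {"bank": "acct-NEW"}),
    ("2016-09-03T14:05", "distribution", {"bank": "acct-NEW", "amount": 12000}),
    ("2016-10-04T10:30", "distribution", {"bank": "acct-NEW", "amount": 37000}),
    ("2016-10-11T11:45", "distribution", {"bank": "acct-NEW", "amount": 50000}),
]

def review(events):
    """Return (timestamp, rule) alerts for the takeover chain described above."""
    alerts = []
    last_reset = None
    payee_added = {}   # bank id -> time it was linked to the account
    last_payout = {}   # bank id -> (time, amount) of the previous distribution
    for ts, kind, data in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "password_reset":
            last_reset = when
        elif kind == "bank_account_added":
            payee_added[data["bank"]] = when
            if last_reset and when - last_reset <= RESET_WINDOW:
                alerts.append((ts, "payee_added_after_reset"))
        elif kind == "distribution":
            bank, amount = data["bank"], data["amount"]
            added = payee_added.get(bank)
            if added and when - added <= COOLING_OFF:
                alerts.append((ts, "payout_to_new_payee"))
            prev = last_payout.get(bank)
            if prev and when - prev[0] <= ESCALATION_WINDOW and amount > prev[1]:
                alerts.append((ts, "escalating_payout"))
            last_payout[bank] = (when, amount)
    return alerts

if __name__ == "__main__":
    for ts, rule in review(EVENTS):
        print(ts, rule)
```

Each alert is a point where a hold or an out-of-band confirmation with the account owner could stop the payout before it leaves.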

$400,000 Stolen | Email Impersonation | 2024

Jess Leventhal — $400,000 Stolen via Impersonation

Jess Leventhal's retirement account was emptied of $400,000 after criminals posed electronically as his office administrator. They sent fraudulent withdrawal forms to his account manager that appeared to originate from his office email. The forms directed funds to a bank account that didn't belong to Leventhal and had never been used by him—yet the transfer was processed anyway.

This attack combined email compromise with social engineering. The criminals didn't need to hack the retirement account directly; they compromised a trusted communication channel and used it to issue instructions that appeared legitimate. The case remains in litigation, but it illustrates how interconnected our digital lives have become—a weakness anywhere in the chain can cost you everything.

Source: Legal reports, 2024

What Would Have Prevented This

This attack starts with email compromise. Secure email configuration (SPF, DKIM, DMARC) makes impersonation detectable. MFA on the email account prevents the initial takeover. A password manager ensures the email credentials weren't reused from a breached site.
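What "detectable" means in practice: the receiving mail server records the SPF, DKIM and DMARC outcome in an Authentication-Results header, and the recipient can act on it. The following is an added example, not part of the original page: the host names, addresses and the hold policy are hypothetical, and the three messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "mx.custodian.example"  # hypothetical: our own receiving mail server

def dmarc_verdict(raw_message, trusted_authserv=TRUSTED):
    """Return (From domain, DMARC result) as recorded by our own mail server."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        # Ignore results stamped by any other server: a sender can forge those.
        if authserv.lower().split()[:1] != [trusted_authserv]:
            continue
        match = re.search(r"\bdmarc=(\w+)", results)
        if match:
            return from_domain, match.group(1).lower()
    return from_domain, "none"

def hold_for_callback(raw_message):
    """Hold any instruction whose sender domain did not pass DMARC."""
    return dmarc_verdict(raw_message)[1] != "pass"

def _sample(auth_results):
    # Constructed test message; all addresses and hosts are made up.
    return (f"Authentication-Results: {auth_results}\n"
            "From: Office Admin <admin@office.example>\n"
            "Subject: Withdrawal form\n\nPlease process the attached form.\n")

# Sender forged the From domain from an unrelated server.
SPOOFED = _sample("mx.custodian.example; spf=fail; dkim=none; "
                  "dmarc=fail header.from=office.example")
# Sender inserted its own "pass" stamp; our server recorded nothing.
FORGED_STAMP = _sample("mail.sender.example; dmarc=pass header.from=office.example")
# Sent from the real mailbox after it was taken over: authentication passes.
COMPROMISED = _sample("mx.custodian.example; spf=pass; dkim=pass; "
                      "dmarc=pass header.from=office.example")

if __name__ == "__main__":
    for name in ("SPOOFED", "FORGED_STAMP", "COMPROMISED"):
        print(name, dmarc_verdict(globals()[name]), hold_for_callback(globals()[name]))
```

The COMPROMISED message is not held, because mail sent from a taken-over mailbox authenticates correctly; that gap is what MFA on the email account closes.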

Knowledge Is the First Step. Action Is What Protects You.

Every case on this page was preventable. Password managers, multi-factor authentication, and network segmentation—the defenses aren't complicated or expensive. They just need to be implemented.

Don't wait until you're a case study.

Sources & Verification

Smart Home Attacks:

  • FTC. "FTC Says Ring Employees Illegally Surveilled Customers, Failed to Stop Hackers from Taking Control of Users' Cameras." May 31, 2023.
  • DOJ. "Two Men Plead Guilty to Hacking into Ring Cameras and Swatting Victims." December 2022.
  • Local news reports, Searcy, Arkansas, 2019

Retirement Theft:

  • Wall Street Journal. "Hackers Are Coming for Your 401(k)." 2021.
  • Bloomberg Tax. "INSIGHT: $99,000 Stolen From My 401(k)." December 12, 2019.
  • Salem News. Coverage of retirement account fraud.
  • Birch Gold Group. "Cyber Fraud Lawsuit Reveals Danger for Most IRAs and 401(k)s." September 11, 2024.