Comment

Comment on Creator of HaveIBeenPwned Data Breach Site Falls for Phishing Email

MangoPenguin@lemmy.blahaj.zone ⁨1⁩ ⁨month⁩ ago

Phishing emails are getting pretty good these days, and fairly well targeted too. I get some at work that are fairly convincing, emulating emails from services we actually use.

However…

“Hunt clicked on the phishing email, which led him to enter his credentials and one-time passcode into a hacker-controlled login page.”

Using any password manager would have prevented this (or at least made it a lot more likely to realize something is wrong), because it will only enter your credentials on the correct domain name.

source

Sort:hotnew top

deceiver@infosec.pub ⁨1⁩ ⁨month⁩ ago
[deleted]
source
- MangoPenguin@lemmy.blahaj.zone ⁨1⁩ ⁨month⁩ ago
  That would make more sense than not having a PW manager, sometimes you’re just so tired out that you run on autopilot without thinking about things.
  
  source
GeekMan@sh.itjust.works ⁨1⁩ ⁨month⁩ ago
Heh yeah they’re getting better.

One day working in I.T. at a bank, I received an email that was formatted and written really convincingly that someone has referred me for a bigger role with a salary bump, with light/abstract details that could ‘be inferred as’ relevant to my country, sector & role. It just asked to click-through to see the opportunity-

-which popped-up a warning from the company’s I.T. security that this was a phishing testing/training email, and I’d failed.

I usually evade a phish, but this slightly-targeted one got me good.

After that I had to ritualistically double-check potentially legitimate emails from external domains, for sketchy domains/short URLs/links/tracking cookies etc, because they included vendors & 3rd party consultants or contractors we were working with.

At least (the) God(s) know scammers are bad people.

Heh.

source