- A jetlagged Troy Hunt accidentally clicked a link and logged into an account only to realise he had been phished.
- Despite reacting quickly, attackers were able to export a mailing list for Hunt’s personal blog.
- Hunt has detailed the attack and warned his subscribers in a timely fashion.
Solving the “being human” part of security will probably never happen, which is why you’re encouraged to do stuff like use 2FA, different passwords, service isolation and stuff like that.
Anyone and everyone can be fooled at some point, best to try and limit the damage.
I just never click links in email.
If you use a password manager, it won’t fill credentials because it will be the wrong domain.
Unfortunately the article said he just put in his credentials anyway, even though his password manager wouldn’t autofill for him. Pretty stupid, but at least he acknowledges it.