62
At least he admitted it. That's worthy of respect I think. Just proves that nobody is invulnerable.
That's really how we should think about a lot of things. People don't fall for stuff because they're dumb. They fall for stuff because they're vulnerable.
The biggest takeaway for me is this:
but we all have moments of weakness and if the phish times just perfectly with that, well, here we are.
We can never assume we're above it, all it takes is one not-so-good day to cause you to slip
Phishing emails are getting pretty good these days, and fairly well targeted too. I get some at work that are fairly convincing, emulating emails from services we actually use.
However...
"Hunt clicked on the phishing email, which led him to enter his credentials and one-time passcode into a hacker-controlled login page."
Using a password manager should have prevented this, or at least make it a lot more likely you would realize something is wrong, because it will only enter your credentials on the correct domain name.
I also do the whole "don't click links in emails, go to my bookmark for that service instead" thing as much as I can too. Especially for banking, I never click any link on those messages.
I read in another article about this that he said he thought it was strange his password manager didn’t have an option to autofill on the site, but he went ahead and entered his credentials manually anyway
That would make more sense than not having a PW manager, sometimes you're just so tired out that you run on autopilot without thinking about things.
most definitely, and they do absolutely help, like you said. this is just another example that it could still happen to anyone if they let their guard down. major props to him for the way he handled the situation after the fact too
Heh yeah they're getting better.
One day working in I.T. at a bank, I received an email that was formatted and written really convincingly that someone has referred me for a bigger role with a salary bump, with light/abstract details that could 'be inferred as' relevant to my country, sector & role. It just asked to click-through to see the opportunity-
-which popped-up a warning from the company's I.T. security that this was a phishing testing/training email, and I'd failed.
I usually evade a phish, but this slightly-targeted one got me good.
After that I had to ritualistically double-check potentially legitimate emails from external domains, for sketchy domains/short URLs/links/tracking cookies etc, because they included vendors & 3rd party consultants or contractors we were working with.
At least (the) God(s) know scammers are bad people.
Heh.
Okay, I'm sorry, but that's just kind of ironic.
It's a pretty great example to highlight just how insecure the digital environment is. Only takes one tiny mistake to open yourself up to significant harm.
The fact we know about this deserves respect
Plays the 'jetlagged' card.
this post was submitted on 27 Mar 2025
62 points (100.0% liked)
Privacy Guides
18584 readers
19 users here now
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
- We prefer posting about open-source software whenever possible.
- This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
- No soliciting engagement: Don't ask for upvotes, follows, etc.
- Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
- Be civil, no violence, hate speech. Assume people here are posting in good faith.
- Don't repost topics which have already been covered here.
- News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
- Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
- No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
- No misinformation: Extraordinary claims must be matched with evidence.
- Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
- General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
Additional Resources:
- EFF: Surveillance Self-Defense
- Consumer Reports Security Planner
- Jonah Aragon (YouTube)
- r/Privacy
- Big Ass Data Broker Opt-Out List
founded 2 years ago
MODERATORS