6
I finally got phished after 15 years of thinking I was too smart for it
Last Tuesday I got an email that looked like it came from our company's IT department. It said I needed to update my password because of a security breach, and the link looked legit at first glance. I typed in my credentials before I even thought about it. Turns out the sender address was off by one letter, and the link went to a fake login page that copied our company portal perfectly. I felt pretty dumb when our real IT guy called me 10 minutes later saying a bunch of us fell for it. What saved me was that I had two-factor authentication turned on through my phone, so they never actually got into my account. Has anyone else here almost been caught by one of those fake IT emails? What do you do to spot them quicker?
2 comments
Log in to join the discussion
Log In2 Comments
hugo_jones21mo ago
That 'off by one letter' detail is exactly how they get you - I swear half these scammers just sit around coming up with domain names that look like yours after three beers.
10
johnson.lee1mo ago
Exactly, man, the domain thing is brutal. I got hit with something similar last year where the fake page had 'rn' instead of 'm' in our company name, looked almost identical. I only caught it because I realized the login button had a weird spacing issue, but by then I'd already typed my password in like a dummy. What got me was the urgency in the email - that 'breach' word makes you panic and skip the details. At least you had 2FA, mine was a close call where the scammer tried resetting my Slack password right after.
3