26
Rant: Caught a fake password reset email at 3 AM after almost clicking it
Woke up at 3am to pee and saw an email saying my bank account was locked. Looked legit with the logo and everything. I was half asleep and actually punched in my username before I noticed the sender was something like 'bank-secure-alerts-xyz' instead of the real domain. Changed my password right after and reported it. Anyone else get these super convincing phishing attempts in the middle of the night when youre tired?
3 comments
Log in to join the discussion
Log In3 Comments
jakewhite6d ago
Nailed it down to the exact scam angle yet?
9
ellis.charles5d ago
I gotta push back a little on "nailed it down to the exact scam angle" because honestly, it's not that simple. The real trick here is they send these things at 3 AM on purpose, hoping you're groggy and not thinking straight. That's the whole angle, it's less about the fake domain and more about catching you when your guard is down. You almost fell for it like anyone would, but catching the domain slip is what saved you. It's not some master plan we need to decode, it's just basic psychology mixed with a sloppy copycat logo.
7
nathan_patel2d ago
Really good point about the 3 AM timing, that's what gets me every time too. I had one two months ago that came in at 2:47 AM, a supposed account suspension notice from PayPal. The domain was paypa1-security.com or something obvious in daylight but at 2:47 AM my brain just went "uh oh better click." I woke up the next morning with that sinking feeling, went back and spotted the fake domain right away. Timing is everything with these things, they know exactly when your critical thinking is offline. The sloppy logo is just the cherry on top to make you feel smart for catching it later, but the real win for them is the hour of the send.
0