- A jetlagged Troy Hunt accidentally clicked a link and logged into an account only to realise he had been phished.
- Despite reacting quickly, attackers were able to export a mailing list for Hunt’s personal blog.
- Hunt has detailed the attack and warned his subscribers in a timely fashion.
Does that also mean I should not browse any websites I don’t already know? That’s very limiting.
I never said that. I said do not follow known or suspected phishing links. It takes practice and skill, and it is not always simple. But if you know if it is a risk, you should consider avoiding the risk.
“This looks like it might be phishing. Let me check it out and see what’s on the other side.” <— That’s what I am suggesting to avoid.
Security is an onion: layered. Patched software. Good, unique passwords. MFA. Various security defense tools. But technology can have gaps, flaws, or be circumvented. It’s important to keep in mind that us as individuals are also a security layer, and are often the first or last line of defense.