33
Worst week for my email security ever
Last Tuesday I clicked a link in an invoice that looked legit from a vendor I use. Three days later my inbox was flooded with password reset requests for accounts I never made. How do you clean up after a phishing click when you can't reset 50 accounts fast enough?
3 comments
the_wade 9d ago
Oh man, I get what you're saying but I kinda see it differently. Clicking one bad link shouldn't blow up your whole life like that. You probably had passwords floating around that were already compromised or reused from other sites. I've clicked dumb stuff before and never had 50 accounts get hit because I use a password manager with unique passwords everywhere. That phishing link alone wouldn't give someone access to all your accounts unless they already had your credentials from somewhere else. The real issue is how many accounts were using the same or similar passwords across different services. Focus on locking down the important ones first like email and banking, then work through the rest with fresh unique passwords each time.
8
vera195 9d ago
Oh no, that's absolutely awful. I've been there and it's such a sinking feeling when you realize what happened.
4
alicecraig 9d ago
Nah I gotta push back a little here. Clicking that one bad link absolutely can be the start of your whole world going sideways if it's a session hijacker or grabs your cookies. I got hit two years ago by a fake shipping notification and within hours they had my PayPal, Amazon, and three social media accounts because they stole my browser session not my passwords. Password managers help but they don't stop someone from sitting in your active login if they grab the right token. OP definitely needs to kill all active sessions across every account and device first, then deal with the password resets after that.
2