• A jetlagged Troy Hunt accidentally clicked a link and logged into an account only to realise he had been phished.
  • Despite reacting quickly, attackers were able to export a mailing list for Hunt’s personal blog.
  • Hunt has detailed the attack and warned his subscribers in a timely fashion.
    • Jolteon@lemmy.zipEnglish
      10·
      4 days ago

      Most companies add an email header like “X-PHISHTEST” to the phishing tests (and a corresponding spam filter rule) to ensure they don’t get caught by spam filters. If you look at the headers of a spam email, the company test emails will have that header.

      • letsgo@lemm.eeEnglish
        4·
        4 days ago

        Any company that does that needs to be sent on a mandatory awareness training for failing an obvious fake phishing exercise. It’s far too easy to whitelist that and send it to an “ignore” folder.