Too Smart to be Fooled by a Phisher?

In August 2022, Twilio, Cloudflare and Cisco said phishers tricked their employees into revealing their credentials. Employees of all three companies received text messages or phone calls that were sent under the premise that there were urgent circumstances requiring that they take action quickly. The phishers gained access to the internal systems of Twilio and Cisco, but Cloudflare’s hardware-based 2FA keys prevented the phishers from accessing its systems.

Dan Goodin, a data security reporter, tells us that he received an email that same week informing him that his Twitter account had just been verified. The headers showed that the email originated from twitter.com, the link led to the real Twitter.com site and a checkmark appeared on his profile page. Seconds later, he received a DM supposedly from Twitter saying he needed to provide his driver’s license, passport or other government-issued ID. He believed the DM to be genuine. So how do we protect ourselves? Critical judgment and a keen eye are the first lines of defense. 2FA is next, with any form of 2FA better than none. The most important protection, however, is avoiding the mindset that you’re too smart to be fooled by a phisher.