Christian Heilmann's blog provides insights into web development, JavaScript programming, and technology advocacy. Readers can find articles covering topics such as web standards, accessibility, and developer tools. Additionally, they can learn about JavaScript frameworks, front-end development techniques, and the future of web technologies.

Christian Heilmann

A developer with 20 years on Twitter/X shares a personal account of falling for a sophisticated phishing attack that resulted in losing access to their account. The post details five key mistakes: acting in a rush during a security task, not scrutinizing a convincing phishing email, failing to check the sender address or link URL, ignoring the browser autofill not triggering on the fake login form, and not having an authenticator app set up. The attacker quickly changed the account email and locked the victim out. Practical takeaways include always verifying sender and URL, treating missing autofill as a red flag, and using an authenticator app rather than SMS-based 2FA.

I fell for a phishing attack and lost access to my X account. Here are five mistakes I did that you need to avoid!

First Mistake: doing any security things in a rush.

Second Mistake: falling for a pretty good phishing mail.

Third Mistake: not checking the URL of the link or the sender of the mail.

Fourth Mistake: not realising a fake form despite using autofill.

Fifth Mistake: allowing myself to be kept busy while the phishing attack is happening.

Wow that was an impressive attack!
I would argue one more thing that too many people get wrong:
Stop using the same damn password for everything!!!

What would of saved you is having two factor setup in the first place. I don’t understand why these sites don’t force you to enable it