A pretty clever phishing email: I got a message warning me that my Twitter account was about to be suspended for suspicious activity, inviting me to click a button to prevent this. The URL the button went to was an x.com link, but it used a security vulnerability in Twitter's backend that allowed redirections to push me to an OATH server that would prompt me for my Twitter login and 2FA, and then send the attacker a valid token they could use to take over my account:
=> More information about this toot | View the thread | More toots from pluralistic