Terence Eden@Edent@mastodon.social

Home | Notifications | New Note | Local | Federated | Search | Logout

Terence Eden@Edent@mastodon.social

Longer hair than you.
Got the ⏻ symbol into #Unicode.
Open Standards / Source / Data geek.
Known as @Edent on most social platforms.

Bit obsessed with #SolarPower but not quite a #SolarPunk.
Please read the link before replying. Yes, that means you!

Location: London, UK
Contact: https://edent.tel/
Blog: https://shkspr.mobi/blog
Pronouns: He/Him/♂/男
Joined: 2026-06-10 05:21:52
4 notes, 0 following, 0 followers


Reply to @Edent@mastodon.social
Terence Eden@Edent@mastodon.social (2026-06-10 04:58:21)
If you are about to reply saying that you're too smart to fall for this - you're wrong.

One day you will be tired. Or ill. Or hungover. Or grieving. Or drunk. Or in hospital. Or distracted. Or jetlagged.

You are not an extra-special clever boy who is far too wise - unlike those normal people - and could never be conned like this.

Everyone is vulnerable. Yes, even you one day.

I don't blame Cal.com for letting this through. But it's hard to see how to comprehensively stop scams like this.


Reply to @Edent@mastodon.social
Terence Eden@Edent@mastodon.social (2026-06-10 04:53:04)
This is where we get to Game Over. If you add your password here, it'll jump into your account and do who-knows-what.

Two-Factor Authentication won't save you here. If you type in your magic code the scammer will just relay that.

If you click the "OK" button on your Google device, you've authorised an imposter.

A password manager will probably save you - it won't auto-fill on a dodgy domain. But will you think the app is faulty and just manually copy your credentials?

3/4
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/721/884/135/345/378/original/609595ff451224b2.png


Reply to @Edent@mastodon.social
Terence Eden@Edent@mastodon.social (2026-06-10 04:49:56)
"Huh! I must be signed out of my Google account. Better log in."

That's what the scammer wants you to think.

This is a pretty good spoof page! The UI looks about right and there are no obvious typos.

Even the domain isn't egregious. It isn't a .xyz domain or some super-weird domain name. True, it isn't Google - but it also isn't a random jumble of letters.

Let's type in our email address, just for fun!

2/4
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/721/872/338/339/311/original/ea5268dd5e267f32.png


Terence Eden@Edent@mastodon.social (2026-06-10 04:46:46)
Nasty little phishing attempt unwittingly facilitated by Cal.com

First was this meeting request. Someone filled in my calendar request form.
Looks like a plausible invite - someone wanting to discuss something and a link to a document to review.

This is quite normal. People often want to hire me and will send along a project brief.  What happens if I click on the link?

1/4
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/721/857/616/233/502/original/580920c88635b75b.png