Terence Eden@Edent@mastodon.social (2026-06-10 04:46:46) Nasty little phishing attempt unwittingly facilitated by Cal.com
First was this meeting request. Someone filled in my calendar request form.
Looks like a plausible invite - someone wanting to discuss something and a link to a document to review.
This is quite normal. People often want to hire me and will send along a project brief. What happens if I click on the link?
1/4 ---Attachments--- image: https://files.mastodon.social/media_attachments/files/116/721/857/616/233/502/original/580920c88635b75b.png
---Reply--- Terence Eden@Edent@mastodon.social (2026-06-10 04:49:56) "Huh! I must be signed out of my Google account. Better log in."
That's what the scammer wants you to think.
This is a pretty good spoof page! The UI looks about right and there are no obvious typos.
Even the domain isn't egregious. It isn't a .xyz domain or some super-weird domain name. True, it isn't Google - but it also isn't a random jumble of letters.
Let's type in our email address, just for fun!
2/4 ---Attachments--- image: https://files.mastodon.social/media_attachments/files/116/721/872/338/339/311/original/ea5268dd5e267f32.png
---Replies---
Terence Eden@Edent@mastodon.social (2026-06-10 04:53:04) This is where we get to Game Over. If you add your password here, it'll jump into your account and do who-knows-what.
Two-Factor Authentication won't save you here. If you type in your magic code the scammer will just relay that.
If you click the "OK" button on your Google device, you've authorised an imposter.
A password manager will probably save you - it won't auto-fill on a dodgy domain. But will you think the app is faulty and just manually copy your credentials?
3/4 ---Attachments--- image: https://files.mastodon.social/media_attachments/files/116/721/884/135/345/378/original/609595ff451224b2.png
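
An added example, not part of the original thread: why a relayed one-time code still validates while a password manager stays silent on the spoof page. The exact-host match rule, the vault layout and the `.example` host are assumptions made for illustration; the secret is the RFC 6238 test secret.

```python
import hashlib
import hmac
import struct
from urllib.parse import urlsplit

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the shared secret and the time."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts(secret: bytes, submitted: str, now: int) -> bool:
    """The real service checks the digits; it cannot see which page they were typed into."""
    return hmac.compare_digest(totp(secret, now), submitted)

def autofill_matches(vault: list, page_url: str) -> list:
    """Offer a saved login only when the page is HTTPS and its host equals the saved host."""
    parts = urlsplit(page_url)
    if parts.scheme != "https" or not parts.hostname:
        return []
    host = parts.hostname.lower().rstrip(".")
    return [entry for entry in vault if entry["host"] == host]

# Constructed sample data (not taken from the thread).
SECRET = b"12345678901234567890"  # RFC 6238 test secret
VAULT = [{"host": "accounts.google.com", "user": "user@example.com"}]
REAL_PAGE = "https://accounts.google.com/signin"
SPOOF_PAGE = "https://sign-in.docs-review.example/signin"  # placeholder host

def demo(typed_at: int = 35, relayed_at: int = 50) -> dict:
    """Code typed on the spoof page at typed_at, forwarded to the real service at relayed_at."""
    code = totp(SECRET, typed_at)
    return {
        "relayed_code_accepted": server_accepts(SECRET, code, relayed_at),
        "autofill_on_real_page": autofill_matches(VAULT, REAL_PAGE),
        "autofill_on_spoof_page": autofill_matches(VAULT, SPOOF_PAGE),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The code is accepted because nothing in it names the site it was typed into; the empty autofill result on the spoof page is the only signal, and it is lost if the credentials are then pasted in by hand.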