Terence Eden@Edent@mastodon.social: If you are about to reply saying that you're …

Home | Notifications | New Note | Local | Federated | Search | Logout

Note Detail

Reply to @Edent@mastodon.social
Terence Eden@Edent@mastodon.social (2026-06-10 04:53:04)
This is where we get to Game Over. If you add your password here, it'll jump into your account and do who-knows-what.

Two-Factor Authentication won't save you here. If you type in your magic code the scammer will just relay that.

If you click the "OK" button on your Google device, you've authorised an imposter.

A password manager will probably save you - it won't auto-fill on a dodgy domain. But will you think the app is faulty and just manually copy your credentials?

3/4
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/721/884/135/345/378/original/609595ff451224b2.png
---Reply---
Terence Eden@Edent@mastodon.social (2026-06-10 04:58:21)
If you are about to reply saying that you're too smart to fall for this - you're wrong.

One day you will be tired. Or ill. Or hungover. Or grieving. Or drunk. Or in hospital. Or distracted. Or jetlagged.

You are not an extra-special clever boy who is far too wise - unlike those normal people - and could never be conned like this.

Everyone is vulnerable. Yes, even you one day.

I don't blame Cal.com for letting this through. But it's hard to see how to comprehensively stop scams like this.


---Replies---

Gregory@grishka@mastodon.social (2026-06-10 05:21:49)
@Edent supposedly 2FA will stop this.

But also recently someone I know had their Telegram account hacked in a similar way. A link to vote for someone in some contest, which needs Telegram login, except it doesn't do the proper oauth flow but instead asks for your phone number, confirmation in the app, and 2FA password (yes Telegram has it the other way around). I had to ask the right person at Telegram to terminate the scammer's sessions so that person could have their account back.