A personal experience with phishing

The importance of second-factor authentication (2FA) and unique passwords per account.

The rats sniffing at your information.

As digital professionals, we are well aware of the myriad threats that await us online. Sometimes, no matter how vigilant we are, we may fall into a cleverly designed trap. Today, I share a recent experience that once again highlights the importance of two-step verification (2FA).

An unusual email

It all started when I received an email on my iPhone informing me that a domain I manage was about to expire. The sender appeared to be my internet hosting provider's customer service, which I did not question at the time.

Urgent message from hosting provider.

A perfectly designed message

The content of the e-mail was professionally and flawlessly formatted, without the usual spelling mistakes or strange sentence structures that usually ring alarm bells in phishing attempts. Without thinking, I clicked on the link in the email and landed on a login screen that looked perfectly legitimate.

Systems like ChatGPT have greatly improved phishing attacks. Language errors and strange wording used to be an indication of deception, but that will soon be a thing of the past.

The trap of phishing

I use my iPhone to store my passwords, so I was looking for my login details for the website in question. Since my phone did not recognise the website, it took me a while to find the right credentials. Once I logged in, I suddenly realised that I had possibly fallen into a trap.

The saving second factor

This is where the second factor of two-step authentication (2FA) proved its true value. In the context of 2FA, "second factor" refers to an extra layer of security required in addition to the default password. A second something.

This can be one of the following:

  • Something you know (e.g. a personal PIN or answer to a security question)
  • Something you have (e.g. a physical key, smart card or a device that generates a temporary code as in my case)
  • Something you are (e.g. a biometric identifier such as a fingerprint or facial recognition)

Although I might have disclosed my password to a malicious party, I had secured my account with 2FA. This means that despite possessing my password, a potential intruder would not be able to log in without the second authentication factor. In my case, this is a unique numeric code generated by my computer or mobile.
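As an added illustration (not code from the original post), the sketch below assumes the temporary code is a time-based one-time password (TOTP, RFC 6238), which the post does not specify. The account record, password and salt are constructed, the secret is the RFC's published test value, and the function names are hypothetical. It shows a login check that rejects a correct password on its own and rejects a code once its time window has passed.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (RFC 6238 default)
DIGITS = 6   # code length shown by most authenticator apps
SALT = b"constructed-salt"


def totp(secret: bytes, at: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the Unix time `at`."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, at: int, drift: int = 1) -> bool:
    """Accept the code for the current step or `drift` steps either side."""
    ok = False
    for k in range(-drift, drift + 1):
        # compare_digest avoids leaking how many digits matched
        ok |= hmac.compare_digest(totp(secret, at + k * STEP), code)
    return ok


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed account record; the secret is the RFC 6238 test secret.
ACCOUNT = {
    "pw_hash": hash_password("unique-hosting-password"),
    "totp_secret": b"12345678901234567890",
}


def login(password: str, code, at: int) -> bool:
    """Both factors are required: the password alone never succeeds."""
    if not hmac.compare_digest(hash_password(password), ACCOUNT["pw_hash"]):
        return False
    if code is None:
        return False
    return verify_totp(ACCOUNT["totp_secret"], code, at)


if __name__ == "__main__":
    now = 59  # RFC 6238 test time
    print("password only:      ", login("unique-hosting-password", None, now))
    print("password + code:    ", login("unique-hosting-password", totp(ACCOUNT["totp_secret"], now), now))
    print("code 2 minutes late:", login("unique-hosting-password", "287082", now + 120))
```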

Example of the code presented

The importance of unique passwords

Moreover, another habit that helped me was generating a unique password for each account. Even if the phisher had managed to access my password, they could not have used it to access my other accounts.

Conclusion: the value of 2FA

While this was an unpleasant experience, it also served as a useful reminder of the importance of good security practices, such as 2FA and unique passwords.

I share this experience in the hope that it serves as a warning to others to be careful and to emphasise the importance of two-step verification.

It may sometimes take some extra time and effort, but this extra layer of security can make the difference between security and risking losing valuable data and privacy. In the face of increasing cyber threats, 2FA is not only recommended - it is an absolute necessity.

Incidentally, of course, I immediately changed the password for security.