“Apparently they used some phishing script...”
Some of those scripts are quite good. They’ll say something like “We’re EBAY and your account will be shutdown until you verify your data with us” and they’ll look real.
For me, the first thing I look for is whether they have some personal information in the E-Mail, such as my name, address, or part of my account number, or history, etc. If not, I’m done. If so, then I look closer at the links and try to figure out if they’re real or disguised. If the links look real, and if everything else looks real, then I consider logging into the site, but never through their link.
For me, and I suspect most people here, we run through some form of the above, maybe with some added checks that I missed - and the spear-phishers lose. But send it out to a million people in the general public and a whole lot of them will bite.
What gets me is how they got a number not just Twitter EMPLOYEES (mostly white, by the way), but ones with access to sensitive data, to bite. What kind of idiots does Twitter hire anyway?
For me, the first thing I look for is whether they have some personal information in the E-Mail, such as my name, address, or part of my account number, or history, etc. If not, I’m done. If so, then I look closer at the links and try to figure out if they’re real or disguised. If the links look real, and if everything else looks real, then I consider logging into the site, but never through their link.
—
Some very wise advice Bob. Thanks for posting. I’ve seen phishing emails or increasingly websites posing as your ISP (Wow that’s clever!!) and yes they can look real and can easily dupe people.
Be on guard always!