, 13 tweets, 4 min read Read on Twitter
I've got a story to share. Not as exciting as the exploits of @TinkerSec, @HydeNS33k, or @_sn0ww, but a story nonetheless. #DFIR & #BlueTeam in nature. 1/
I worked for a service provider back in the day. And we provided email accounts to customers. 2/
This was back when most places would slap #SquirrelMail or #Horde on top of a #dovecot server. 3/
Already, anyone in the know is thinking "#phishing!" 4/
No #SIEM in place, so no notifications while out of the office. 5/
Come in Monday morning, and we're blacklisted across the board! So many complaints, both in the office and from customers! 6/
This is where good email filters come in play. It didn't take long to find the compromised account. 7/
However, this #phishing attempt intrigued me. They had gone to the trouble of re-creating out login page. 8/
They had also gone to the trouble of masking the true link with an HTML email. (This was back in the day when this wasn't common.) 9/
When you went to this fake login page, if not looking, you would enter your credentials and hit login before you'd know anything was wrong. 10/
The fake page would flash as it stored your creds, and then reload the real page. Made it seem like a blip and all that was needed was to try again. 11/
Mind, this was before this type of phish was common. I was impressed then. 12/
Hate to say it, but the users I was dealing with then still probably would fall for that. /fin
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to 0x01 #Thinker 🕉️
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!