Hi! I am Lawrence

write code like as if your grandmother will maintain it


I Almost Became a Victim of Phishing

Published August 9, 2024

Introduction

I’ve been in the development industry for almost 7 years now, as of the time I’m writing this blog. It’s really fun to watch how technology evolves. From deploying our code manually to a server using FTP and FileZilla, to configuring Docker images and spinning up instances through CloudFormation, Terraform, or CDK, with pipelines configured in either GitLab or GitHub.

I believe in learning through experience since most of the knowledge I’ve gained is not from academic excellence, but from my mistakes in the software realm. Exchanging data from one memory to another was fascinating, but not as fascinating as almost getting hacked.

Yes, I almost got hacked.

In a cozy cold office, I am working on authorizer version 2. It was around 12:25pm when I saw an email from this domain no-reply@sharepointonline[.]corn. Saying,

A large number of files have been deleted - take action now

Background

I finished training regarding cyber security, penetration testing basics, and ethical hacking entry level. I have basic knowledge about cyber threats to begin with.

But yeah, I am so tired and stressed about the task yesterday.

So I clicked the link and redirected to a webpage that is similar to sharepoint, or microsoft 365 login page. Out of nervousness, I entered my email that is not a 365 or even a sharepoint related and a random password, Silly me. That helped not to expose my ms 365 office or sharepoint email and password. However, it exposed my last name like any other email address, and the password I normally used to test some dummy accounts. That helped me not to expose anything, Phew!

It turned out that it was a simulation of our partner security company, and I failed to be a responsible and vigilant internet user. Almost.

Lesson Learned

  1. Never Be Too Complacent
    • Stay vigilant. Overconfidence can lead to oversight.
  2. Trust, but Verify
    • Trust no one completely. Always verify before taking action.
  3. Establish Clear Procedures
    • A well-defined process ensures consistency and reduces errors.
  4. Validate All Digital Information
    • Don’t take anything at face value—always double-check what you receive.

This experience taught me a valuable lesson: No matter how much exposure you have to technology, there will always come a day when you’re tested.

Live and learn.