So, my personal Twitter account was compromised yesterday because I fell for a phishing e-mail early in the morning while at home when browsing on my personal device.

A momentary lapse in attention. The e-mail got through all spam and phishing filters. I clicked on the ‘Change Your Password’ link and entered the password. The attackers gained access to a single login session, using it to tweet a few scammy cryptocurrency links. I had 2FA enabled, so luckily, they couldn’t take over the full account apart from gaining access to the one session from the phishing flow. Also, the entire thing appeared to be fully AI-automated and not personal.

Goes on to show that no matter how careful we are, all it takes is one slip of the mind. As important as technical cybersecurity, are human processes, policies, procedures that account for worst-case scenarios and the psychology of the weakest link, which is us. 2FA is absolutely essential, but clearly, it is not a technical solution to human psychology. This is why it is so important for cybersecurity frameworks within organisations and governments to be holistic and not fixate on technical solutions.

Despite awareness, policies, systems, and conversations at Zerodha on these risks on a regular basis, all it took was one slight slip of the mind.

Go to link →