Disroot Phishing

Yesterday I gave away my email password in a phishing scam.

I got a page that had Disroot-type branding and logos saying I had logged out due to inactivity and to log in again.

I gave my password without really thinking… A load of spam was then sent from my email.

2FA now enabled, but I thought I’d let you know.

You should change your password. 2FA won't protect you from this, as it does not apply to IMAP, which is probably used by the attacker.

Please contact us at support_at_disroot.org ASAP so we can follow up and the issue further.

On 2 February 2019 12:37:01 CET, samuk wrote:

> Yesterday I gave away my email password in a Phishing scam.
>
> I got a page that had disroot type branding and logos saying I had logged out due to inactivity and to log in again.
>
> I gave my password without really thinking.. A load of spam was then sent from my email.
>
> 2FA now enabled, but I thought I'd let you know.


Sent from my Android device with K-9 Mail. Please excuse my brevity.

Password has been changed, just sent the mail…

Happens. Humans are bad at URL checking. Use a password manager which shows only the password entries for the site you are visiting.

As an example, Bitwarden. It shows matching entries based on a nearly identical URL. But you can change the URL type to 100% match.

Next time you won’t see password entries because a computer is very good at matching URLs.

In English: default, base domain, starts with, regular expression, exact, never

So you can use base domain or exact. And you won’t type your password in the wrong page again.
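The match types listed in the post above, as an added example that is not part of the original thread and is not Bitwarden's code: a simplified model showing which modes refuse to offer a saved login on a lookalike host. The mode keys, the two-label base-domain shortcut and all URLs (reserved example domains) are assumptions made for illustration; "default" is left out because it only selects one of the other modes.

```javascript
// Simplified model of password-manager URL match modes (illustrative only).
// Assumption: "base domain" is the last two hostname labels. A real client
// consults the Public Suffix List, which this shortcut ignores (e.g. co.uk).
function baseDomain(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}

// Returns true when a login saved for savedUri would be offered on pageUrl.
function uriMatches(mode, savedUri, pageUrl) {
  try {
    const page = new URL(pageUrl);
    switch (mode) {
      case 'exact':      // whole normalized URL must be identical
        return page.href === new URL(savedUri).href;
      case 'startsWith': // plain string prefix of the page URL
        return page.href.startsWith(savedUri);
      case 'baseDomain': // same registrable domain, any subdomain or path
        return baseDomain(page.hostname) === baseDomain(new URL(savedUri).hostname);
      case 'regex':      // saved entry is a pattern, tested case-insensitively
        return new RegExp(savedUri, 'i').test(page.href);
      default:           // 'never' and unknown modes offer nothing
        return false;
    }
  } catch (e) {
    return false;        // unparsable URL or pattern: offer nothing
  }
}

// Constructed sample URLs on reserved example domains.
const SAVED = 'https://mail.example.org/';
const REAL = 'https://mail.example.org/login';
const LOOKALIKE = 'https://mail.example.org.session-expired.example/login';

// Summarizes, per saved entry, whether the real and lookalike pages match.
function summary() {
  const rows = [
    ['baseDomain', SAVED],
    ['exact', REAL],
    ['startsWith', SAVED],                      // trailing slash ends the host
    ['startsWith', 'https://mail.example.org'], // no slash: prefix of lookalike
    ['regex', '^https://mail\\.example\\.org/'],
    ['regex', 'mail.example.org'],              // unanchored: too loose
  ];
  return rows.map(([mode, saved]) => ({
    mode, saved,
    real: uriMatches(mode, saved, REAL),
    lookalike: uriMatches(mode, saved, LOOKALIKE),
  }));
}
console.table(summary());
```

In this model, base domain and exact reject the lookalike host, while a starts-with entry saved without the trailing slash and an unanchored regular expression both accept it.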