
I Let My Guard Down and Got Lucky...


Almost a year ago, I made a mistake, and had my PayPal account hacked.  I blogged about it here:  http://www.nimbleuser.com/blog.aspx?id=3078&blogid=236&terms=paypal

This morning, after cleaning snow for two hours, in a hurry, I sit down at my desk and see that I have a direct message from a friend on Twitter:

[Image: 100224_Phishing_Message]

Not thinking much of it, I click the link and am presented with this screen:

[Image: 100224_Phishing_Site]

My PC sometimes forgets my credentials.  I also use several services that use my Twitter ID as the login.  So, I enter my username and password, click submit, and then, nothing happens.  Something does not feel right, so I look at the URL... at this point what was just my sixth, or maybe my seventh sense finally kicked in and said:  YOU IDIOT YOU JUST GAVE UP YOUR TWITTER CREDENTIALS!

I immediately ran to Twitter, changed my password, and was successful so no harm done.  However, what could the consequences have been, and how should I have handled this situation?

Well, when I first went to the site, there was no red bar, but I still should have been a little smarter.

Lessons learned:

  • If you don't know what you're logging into, don't do it.
  • You can't expect a phishing filter to protect you.  Not completely.  I must have been one of the first people who fell for it.  About 5 minutes later, the site was closed.
  • I log in to thousands of things per year.  Every one of them counts and I need to be on my "A" game at all times.  I made a mistake today, luckily one that won't cost me (besides bruising my pride, but I deserve it).  If I hadn't noticed what I just did, my Twitter reputation could have been destroyed, or who knows what.
  • Phishers are smart.  Smarter than me.  They will always stay one step ahead of the game.  Being phished through Twitter is very clever, and an attack that I was not prepared for.
  • It's still my fault.  No matter how smart the phishers are, and if the filter did not work, and they used a way that they never used before, and I'm having a bad day and not paying attention, it's my fault and I own the responsibility.  I'm still the person who keyed their credentials into the phony site.  While accepting blame does not fix the problem, I also can't expect someone to protect me from myself.  I need to protect myself; everything else is just an aid.

Well, a less than ideal start to the day.  Time to pick myself up, dust myself off and get on with it.  Do you have any stories about internet security?  I know it's tough to talk about; my goal is to share this story so it does not happen to other people.  Do you have any stories that you can share that might help someone avoid a mistake?

Have a great (and phish-free) day!

Garry
Garry Polmateer
Product Manager
Certified Salesforce Administrator & Consultant
NimbleUser
technology.  for people.

656 Kreag Road Pittsford, NY 14534
518.432.6272
Follow me on Twitter here:  http://twitter.com/DarthGarry
NimbleUser Community:  http://www.getsatisfaction.com/nimbleuser


© 2010 NimbleUser • 656 Kreag Rd. Pittsford, NY 14534 • 585.586.4750