bix6 4 days ago

Any write up? I would like to learn more to avoid.

dns_snek 3 days ago

The exact attack they described is less of an issue these days due to HSTS and preloading, but:

- make sure you're connected to the expected official domain (though many companies are desensitizing us to this threat by using distinct domains instead of subdomains for official business)

- make sure you're connected over HTTPS (this was most likely their issue)

- use a password manager which remembers official domains for you and won't offer to auto-fill on phishing sites

- use a 2FA method that's immune to phishing, like passkeys or security keys (if you do this, you get a lot of leniency to mistakes everywhere else)