| ▲ | n8cpdx 4 days ago | |
I agree that #1 is correct, and I try to practice this; and always for anything security related (update your password, update your 2FA, etc). Still, I don’t understand how npmjs.help doesn’t immediately trigger red flags… it’s the perfect stereotype of an obvious scam domain. Maybe falling just short of npmjshelp.nigerianprince.net. | ||
| ▲ | cataflam 3 days ago | parent [-] | |
> update your password, update your 2FA should practice it for ENTER your password, ENTER your 2FA ;) > Still, I don’t understand how npmjs.help doesn’t immediately trigger red flags 1. it probably did for quite a few recipients, but that's never going to be 100% 2. not helped by the current practices of the industry in general, many domains in use, hard sometimes to know if it's legit or not (some actors are worse in this regard than others) Either way, someone somewhere won't pay enough attention because they're tired, or stressed out, or they are just going through 100 emails, etc. | ||