Humans are not infallible, and this applies even to security experts, as highlighted by Troy Hunt’s recent experience. Hunt revealed that if you have been affected by a data breach, your email may already be listed in the HaveIBeenPwned database.
This database includes individuals who had unsubscribed from Mailchimp’s newsletter because the platform retains these email addresses even after users opt-out. Hunt’s account of the incident offers valuable lessons beyond just recognizing the red flags of scams.
It provides insights into how to structure your digital life to remain secure even when lapses occur. One key takeaway from Hunt’s experience is not to rely solely on warning signs.
In his case, various indicators of a scam were present, such as false urgency in the email, a fraudulent sender, and the failure of 1Password’s autofill feature on the illegitimate site. Despite being a seasoned expert, Hunt fell victim to the scam while he was fatigued and traveling—something we can all relate to.
The lesson here is to avoid clicking on links in urgent messages. Instead, log into your accounts directly.
For phone calls, use the official numbers found on bank statements or the reverse side of your bank card. Another important lesson is that unsubscribing from a service does not guarantee the deletion of your data.
Some companies, like Mailchimp, intentionally retain information about unsubscribed users. To ensure that your data is deleted, you must request it explicitly.
Utilizing unique email addresses for different services can help minimize risks, as this way, a breach of one service won’t easily enable attackers to create a profile of you. Hunt’s experience serves as a reminder that even the most knowledgeable individuals can fall victim to scams.
It emphasizes the importance of continued vigilance. Rather than feeling defeated, we can all take proactive measures to safeguard ourselves in a world where threats are ever-present.