Comment by rootlocus
3 months ago
> Made the mistake of clicking the link instead of going directly to the site like I normally would (since I was mobile).
Does anyone know how this attack works? Is it a CSRF against npmjs.com?
That was the low-tech part of their attack, and was my fault - both for clicking on it and for my phrasing.
It wasn't a single-click attack, sorry for the confusion. I logged into their fake site with a TOTP code.
This is a clear example that this can happen to anyone.
Sorry for what you're going through.
This is why Passkeys are getting pushed right now. They make it physically impossible to sign in to a phishing site.
Fake site.
You log in with your credentials; the attacker logs in to the real site.
You get an SMS with a one-time code from the real site and input it into the fake site.
The attacker takes the code and finishes the login to the real site.
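The relay described in the comment above (and the origin-binding reason behind the passkey comment further up), modelled end to end. This is an added example, not code from the thread, npm, or any real site: the hostnames, the TOTP seed, the user's password, and the HMAC that stands in for a passkey's ECDSA signature are all constructed for the demo. The phishing page's backend plays the victim's submissions back against the real site within the same 30-second TOTP window, which is why a fresh code does not help; the passkey path fails twice over, first because the browser refuses to use a credential whose rpId does not match the page's origin, and then because the origin the browser writes into clientDataJSON is covered by the signature the server verifies.

```python
"""Real-time phishing relay vs. an origin-bound passkey login (stand-alone model)."""
import hashlib
import hmac
import json
import secrets
import struct

REAL_ORIGIN = "https://www.npmjs.com"          # site the victim meant to log into
RP_ID = "npmjs.com"                            # WebAuthn relying-party id the passkey is bound to
PHISH_ORIGIN = "https://npmjs-login.example"   # hypothetical lookalike run by the attacker
TOTP_SEED = b"constructed-demo-seed"           # constructed, not a real seed
PASSKEY_KEY = b"constructed-credential-key"    # stand-in for the passkey's private key


def totp(seed: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step): the code the authenticator app shows."""
    mac = hmac.new(seed, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def sign_assertion(key: bytes, auth_data: bytes, client_data: str) -> str:
    """HMAC stands in for the credential's signature over authData || SHA-256(clientDataJSON)."""
    return hmac.new(key, auth_data + hashlib.sha256(client_data.encode()).digest(), hashlib.sha256).hexdigest()


class RealSite:
    """The legitimate service: one user with a password, a TOTP seed and a passkey."""

    def __init__(self):
        self.user = {"password": "hunter2", "totp_seed": TOTP_SEED, "passkey": PASSKEY_KEY}
        self.sessions = set()

    def _grant(self):
        token = "session-" + secrets.token_hex(4)
        self.sessions.add(token)
        return token

    def login_password_totp(self, password, code, now):
        if not hmac.compare_digest(password, self.user["password"]):
            return None
        if not hmac.compare_digest(code, totp(self.user["totp_seed"], now)):
            return None
        return self._grant()

    def new_challenge(self):
        return secrets.token_hex(16)

    def login_passkey(self, challenge, assertion):
        cd = json.loads(assertion["client_data"])
        # Origin binding: the browser wrote cd["origin"]; the server insists it is its own.
        if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge or cd.get("origin") != REAL_ORIGIN:
            return None
        if assertion["auth_data"] != hashlib.sha256(RP_ID.encode()).digest():
            return None
        expected = sign_assertion(self.user["passkey"], assertion["auth_data"], assertion["client_data"])
        if not hmac.compare_digest(expected, assertion["sig"]):
            return None
        return self._grant()


def browser_get_assertion(page_origin, rp_id, challenge, enforce_rp_id=True):
    """Model of navigator.credentials.get(): the browser refuses unless the page's host is
    rp_id (or a subdomain), and it, not the page, writes the origin into clientDataJSON."""
    host = page_origin.split("://", 1)[1]
    if enforce_rp_id and host != rp_id and not host.endswith("." + rp_id):
        raise PermissionError(f"SecurityError: rpId {rp_id!r} does not match origin {page_origin!r}")
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": page_origin}, sort_keys=True)
    auth_data = hashlib.sha256(rp_id.encode()).digest()
    return {"client_data": client_data, "auth_data": auth_data,
            "sig": sign_assertion(PASSKEY_KEY, auth_data, client_data)}


def relay_password_totp(now=1_700_000_000):
    """The attack in the thread: the fake site forwards password and fresh TOTP code in real time."""
    real = RealSite()
    typed = {"password": "hunter2", "code": totp(TOTP_SEED, now)}   # what the victim types into the fake site
    return real.login_password_totp(typed["password"], typed["code"], now)  # replayed by the attacker's backend


def relay_passkey(browser_enforces_rp_id=True):
    """Same relay against a passkey: attacker fetches a real challenge and has the victim's
    browser, on the phishing origin, answer it. Returns a string saying where it fails."""
    real = RealSite()
    challenge = real.new_challenge()
    try:
        assertion = browser_get_assertion(PHISH_ORIGIN, RP_ID, challenge, browser_enforces_rp_id)
    except PermissionError:
        return "blocked by browser: rpId does not match phishing origin"
    if real.login_passkey(challenge, assertion):
        return "granted"
    # Last resort: rewrite the origin field after the fact. The signature no longer verifies.
    patched = dict(assertion, client_data=assertion["client_data"].replace(PHISH_ORIGIN, REAL_ORIGIN))
    return "granted after tamper" if real.login_passkey(challenge, patched) else "rejected by server: origin is signed"


def legit_passkey_login():
    """Positive control: the same credential works when the page really is the relying party."""
    real = RealSite()
    challenge = real.new_challenge()
    return real.login_passkey(challenge, browser_get_assertion(REAL_ORIGIN, RP_ID, challenge))


if __name__ == "__main__":
    print("password+TOTP relay:", relay_password_totp())
    print("passkey relay:", relay_passkey())
    print("passkey relay, browser check disabled:", relay_passkey(browser_enforces_rp_id=False))
    print("legit passkey login:", legit_passkey_login())
```

The `enforce_rp_id=False` path is not something a browser offers; it is there to show that the server-side origin check is an independent second layer, so a relay would still fail even if the client check did not exist. Note that a real-time relay also defeats SMS codes and push approvals for the same reason it defeats TOTP: anything the victim can type or approve on the wrong site can be forwarded.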
Probably just a fake site.