···3636- It sets a deadline a few days in the future. This creates a sense of urgency, and when you combine urgency with being rushed by life, you are much more likely to fall for the phishing link.
3737- It links to a website (I'm assuming it's on npm.help), and that website is used to get the two-factor credentials somehow and then start publishing new packages with the exploit code.
38383939-This is a 10/10 phishing email. Looking at it critically the only part about it that stands out is the domain "npm.help" instead of "npmjs.com". Even then, that wouldn't really stand out to me because I've seen companies use new [generic top level domains](https://en.wikipedia.org/wiki/Generic_top-level_domain) to separate out things like the blog at `.blog` or the docs at `.guide`, not to mention the [`.new` stack](https://www.linkedin.com/posts/tokih_heres-your-builders-guide-to-new-activity-7315851665348141057-9oBM).
3939+This is a 10/10 phishing email. Looking at it critically the only part about it that stands out is the domain "npmjs.help" instead of "npmjs.com". Even then, that wouldn't really stand out to me because I've seen companies use new [generic top level domains](https://en.wikipedia.org/wiki/Generic_top-level_domain) to separate out things like the blog at `.blog` or the docs at `.guide`, not to mention the [`.new` stack](https://www.linkedin.com/posts/tokih_heres-your-builders-guide-to-new-activity-7315851665348141057-9oBM).
40404141One of my friends [qdot](https://bsky.app/profile/buttplug.engineer) also got the phishing email and here's what he had to say:
4242
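Review bot: the unchanged bullet two lines above the corrected paragraph still reads "I'm assuming it's on npm.help", so after this change the post names two different domains for the same phishing site. If "npmjs.help" is the correct one, update that bullet in the same commit so the list and the paragraph agree. As a style point, the domain could be set in backticks in both places, matching how `.blog` and `.guide` are written in the same paragraph.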