I can tell when I’m being phished if my password works on the first try
Ok, that’s pretty funny. Nicely done
Step 1: find phishing site
Step 2: find/write brute force script that doesn’t stop on successful login but has longer random delay between attempts (so it isn’t obvious it’s a form of a DOS attack)
Step 3: poison phishing site dataUse proxies from areas that would normally use the service the phishing site is mimicking.
Bonus step: in case the phishers use the same proxies source, make enough invalid login attempts to the actual service to get the proxies IP blocked so they can’t use them to test the large number of invalid logins to find if any are valid.
I want to do this now…
This can occur when you’re entering the correct password, but there is a typo in the username you entered. Nobody spellchecks the username.
It can also happen if your password expired. Active Directory is infamous for just locking accounts if your user doesn’t change their password when they get the popup that it expired
Don’t get me started on captchas
deleted by creator
