One Wrong Click Can Wreck Your Week

🧠 Real Story. Real Lesson.

I had a meeting planned with a colleague last Wednesday — rare day at the office, client visit, everything on schedule. But ten minutes before we were supposed to meet, chaos hit.

My colleague rushed in looking panicked, nearly shouting, “I need help — now.”

When I got to his desk, his computer was unplugged and dark. He had yanked the power cord out of the wall.

What happened?

He had received what looked like a legitimate password reset email from his bank. The branding was spot-on. The timing felt urgent. So, he clicked. He entered a new password. But it didn’t work. That’s when he noticed the web address wasn’t:

https://americanexpress.com
but rather
https://americanexpress-banking-support-com.xyz

Classic phishing.

In a panic, he shut down his computer, hoping to “stop the hack.” Unfortunately, by entering his login details, the damage had already been done. Unplugging his computer didn’t undo that. But there was still time to act.

🚨 What We Did — Fast

Within 20 minutes, we were able to stop the breach from going any further:

  1. Contacted his banks and froze all accounts

  2. Installed a password manager (Bitwarden, in this case)

  3. Reset every important password

  4. Scanned his email and other online accounts for signs of compromise

Thankfully, no financial loss or identity theft occurred. But it was a close call.

🔑 The Real Problem? Password Reuse

My colleague had been using the same password across multiple sites. So one phishing scam had the potential to unlock everything — email, bank, cloud storage… you name it.

That’s where password managers come in.

🛠️ What You Should Do

Password managers aren’t just for techies. They create, store, and autofill strong, unique passwords for every site you use — so you don’t have to remember them all.

Here are a few good options:

Bonus: Password managers check the URL before autofilling — so even if you land on a fake site, they won’t offer your login details.
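To make that URL check concrete, here is an added example (not code from Bitwarden or any other password manager) of a simplified autofill match. The `vault` entries and function names are made up for illustration; real managers also consult the Public Suffix List, and refusing non-HTTPS pages is this example's own choice.

```javascript
// Added example: a simplified version of the host check a password manager
// runs before offering a saved login. Not any product's real code.

// Constructed sample vault; the first URL is the genuine one from the story.
const vault = [
  { name: "Amex", url: "https://americanexpress.com", username: "colleague" },
  { name: "Mail", url: "https://mail.example", username: "colleague" },
];

// Return the lower-cased hostname of an https URL, or null if it cannot be used.
function hostOf(urlString) {
  try {
    const u = new URL(urlString); // WHATWG URL parser (browsers and Node.js)
    return u.protocol === "https:" ? u.hostname.toLowerCase() : null;
  } catch {
    return null; // not a parseable URL
  }
}

// True only if the page host is the saved host or a subdomain of it.
// The leading "." forces a match on a label boundary.
function hostMatches(savedUrl, pageUrl) {
  const saved = hostOf(savedUrl);
  const page = hostOf(pageUrl);
  if (!saved || !page) return false;
  return page === saved || page.endsWith("." + saved);
}

// Names of the vault entries that would be offered on this page.
function loginsFor(pageUrl, entries = vault) {
  return entries.filter((e) => hostMatches(e.url, pageUrl)).map((e) => e.name);
}

console.log(loginsFor("https://americanexpress.com/login"));
console.log(loginsFor("https://americanexpress-banking-support-com.xyz/reset"));
```

The lookalike address from the story produces an empty list, so there is nothing for the manager to autofill on that page.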

🔒 One More Thing: Turn On 2FA

Wherever possible, enable Two-Factor Authentication (2FA). It adds a second layer of defense — even if someone gets your password, they still can’t log in without a code from your phone.

✅ The Takeaway

  • Never reuse passwords

  • Always verify URLs before clicking

  • Use a password manager

  • Enable 2FA everywhere you can

One click shouldn’t have the power to ruin your week. With a few smart habits, it won’t.

Stay safe,
Peter Oram
Chief Cyber Safety Officer