Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Broadcom just did the same thing: e-mail from the CEO inviting people to sign up for a holiday party. Headers were legit with DMARC pass, SPF pass. You were asked to click a URL that showed a Google Drive document but actually led to another site. That and some typos were the only clues that it wasn't legit.



Ah, that would explain why I didn't see you at the party last night. Too bad, we had a blast. /s

In all seriousness how is a laymen supposed to know it's phishing? I assume Broadcom has specific places/processes to organize parties that people should know about?

This kind of email is especially clever as it plays on FOMO which so many people seem to have.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: