Victims are often phished without realizing it. Tim Pratt, a freelance writer based in San Francisco, didn't realize he'd been hacked until his Twitter account sent out one of the phishing messages and friends started contacting him.
After checking his browser history, he realized he'd visited one of the fake sites. "I couldn't believe I had that URL in my history," he said. "I'm usually the one who says, 'Don't click on some random link in Facebook.'"
He thinks he probably clicked on a link sent by a friend early Thursday morning and then logged into the fake site without even realizing it. Pratt quickly changed his password and regained control of his account. "I was more embarrassed than anything else," he said.
Hey look, that's ME being the interviewee in a story that made the NY Times!