- A jetlagged Troy Hunt accidentally clicked a link and logged into an account only to realise he had been phished.
- Despite reacting quickly, attackers were able to export a mailing list for Hunt’s personal blog.
- Hunt has detailed the attack and warned his subscribers in a timely fashion.
I’m no expert, but as I understand it, there are several things that can go wrong just by clicking. This depends somewhat on your browser settings and how you use it.
Visiting a compromised site may allow the attacker to access data from other tabs and windows in the same browser session. Some sites warn you to close the whole browser when logging out because of this.
Sometimes bugs in a browser can allow a site to run arbitrary code on your machine. These hopefully get patched quickly.
If the link was unique to the email, then it could be a signal to the phisher that is a valid address for further targeting.