The Typed Letter
Phishing Awareness
The term phishing refers to fraudulent attempts to obtain sensitive information by disguising oneself as a trustworthy entity in electronic communications. Attackers often impersonate people or organizations you trust to trick you into revealing personal information, such as passwords, credit card numbers, or other confidential data.
If you get an unexpected email that demands urgent action, such as clicking a link to avoid losing access to your account, be cautious. Attackers manufacture urgency so that you act before you think. Manipulating the person rather than the system in this way is called social engineering.
There are a few ways to protect yourself from phishing attacks:
- Don't panic. Take a deep breath and think before you act.
- Verify the sender: look at the real From address, not just the display name, and at any authentication results your mail client shows. A signature block is trivial to copy and proves nothing on its own.
- Check where a link really goes before clicking: hover over it or copy the address, and compare the domain with the site's genuine one. Lookalike domains that contain the brand name are a classic trick.
- Use the official website or app to access your accounts instead of clicking on links in emails.
NPM Supply Chain Attack of September 2025
On September 8th, 2025, the JavaScript ecosystem narrowly avoided catastrophe.
A single phished maintainer account was all it took for attackers to publish malicious updates to 18 of the most popular NPM packages: libraries like chalk, debug, and ansi-regex that collectively get over 2 billion downloads per week.
For about two hours, anyone running npm install without a lockfile pinning known-good versions, or deploying a fresh build, could have unknowingly pulled in these compromised versions. The payload was not just a proof-of-concept. It was a stealthy crypto-drainer that silently swapped wallet addresses during cryptocurrency transactions in web browsers.
If you had a MetaMask wallet open in an app with one of these packages, your funds could have been redirected to the attacker.
The attacker sent the maintainer of chalk a phishing email claiming that the account would lose access unless they acted immediately. That manufactured urgency is the social engineering part. The maintainer clicked the link, which led to a fake NPM login page, and entered their credentials. The account was protected with two-factor authentication (2FA), but the attacker bypassed it using a real-time phishing proxy: the fake page forwarded the password and the one-time code to the real npm site as soon as they were typed, well within the code's validity window, so a code-based second factor gave no protection. Only a second factor that is bound to the site's origin, such as a hardware security key or passkey using WebAuthn, resists this kind of relay, because the authenticator signs the origin of the page the user is actually on and the real site rejects a signature for any other origin.
Exercise
- What are some red flags that indicate a phishing attempt?
