Zerodha Founder and CEO Nithin Kamath has admitted that his personal Twitter (X) account was compromised after he clicked on a phishing e-mail link. The post, shared by Kamath on LinkedIn, has gone viral, not just because of who he is, but because it highlights how even the most tech-savvy people can make simple mistakes online.
Kamath said the e-mail looked genuine and even passed through all spam filters. “I fell for a phishing e-mail early in the morning while at home when browsing on my personal device,” he wrote. “The e-mail got through all spam and phishing filters. I clicked on the ‘Change Your Password’ link and entered the password.”
The attackers then gained access to his Twitter account and posted fake cryptocurrency links before being locked out.
2FA Saved the Account from Complete Takeover
Kamath revealed that two-factor authentication (2FA) saved him from a complete account takeover. “The attackers gained access to a single login session, using it to tweet a few scammy cryptocurrency links. I had 2FA enabled, so luckily, they couldn’t take over the full account apart from gaining access to one session,” he said.
He also mentioned that the entire phishing attempt seemed AI-driven and not targeted at him personally. This reflects a growing trend where cybercriminals use automation tools and AI-generated messages to trick users.
‘All It Takes Is One Slip of the Mind’
In his post, Kamath admitted that the incident happened due to a momentary lapse in attention. “It goes on to show that no matter how careful we are, all it takes is one slip of the mind,” he said.
Kamath added that while technical measures like 2FA are important, they cannot completely protect against human mistakes. “2FA is absolutely essential, but clearly, it is not a technical solution to human psychology,” he wrote.
He further noted that even though Zerodha regularly discusses cybersecurity awareness among its team, one moment of distraction was enough for him to fall victim. “Despite awareness, policies, systems, and conversations at Zerodha on these risks on a regular basis, all it took was one slight slip of the mind,” he said.
Key Lesson: Cybersecurity Is Everyone’s Responsibility
Kamath’s openness about the phishing attack has been praised across social media for its honesty and relevance. His experience serves as a reminder that cybersecurity isn’t just about technology; it’s also about constant awareness and cautious behaviour online.
In today’s world, where phishing attacks are getting more advanced and realistic, Kamath’s message is clear: stay alert, double-check e-mails, and never click on unknown links, even if they look legitimate.
