Bengaluru: Zerodha co-founder and CEO Nithin Kamath revealed that his personal account on social media platform X (formerly Twitter) was briefly compromised after he accidentally clicked on a phishing email disguised as a security alert.
The incident, which Kamath shared publicly on Monday, underscores the growing sophistication of AI-driven phishing campaigns and the persistent risks even for individuals with strong cybersecurity awareness.
The Phishing Incident
In a detailed post, Kamath explained that he had received an email that appeared to be an official X notification, warning him about a suspicious login attempt on his account. The message prompted him to “change his password” immediately, directing him to what looked like a legitimate login page.
“I clicked on the link and entered my password before realizing something was off,” Kamath admitted. “All it took was one slight slip of the mind.”
The attackers used this access to compromise one active login session and briefly posted links to cryptocurrency-related scams from his account. However, because Kamath had two-factor authentication (2FA) enabled, the hackers were unable to gain full control or log in from other devices.
Damage Contained by Two-Factor Authentication
Kamath confirmed that no sensitive data was lost, and the unauthorized posts were quickly deleted after the issue was detected. Account access was restored within a short period.
He highlighted that 2FA—an additional verification layer beyond the password—played a crucial role in limiting the breach’s impact. “If 2FA hadn’t been on, it could’ve been a lot worse,” he said.
AI-Generated Phishing: A Rising Concern
According to Kamath, the phishing email had bypassed traditional spam and security filters, indicating that the attack may have been AI-generated and automated rather than manually crafted.
“The phishing email seemed fully automated, not personal,” he noted, emphasizing how modern scams now leverage AI to mimic legitimate communication styles, logos, and domains.
Experts say such AI-driven phishing attacks are becoming more common and increasingly difficult for even experienced users to detect.
Cybersecurity Lessons and Awareness
Kamath used the opportunity to stress the importance of cybersecurity vigilance, especially in an era where social engineering attacks are evolving rapidly.
“This just shows that even those who deal with tech every day can make a mistake,” he wrote. “While we can automate and secure systems with technology, human behaviour remains the weakest link in any cybersecurity framework.”
He also called for organizations, governments, and individuals to strengthen digital hygiene practices, adopt multi-layered authentication, and stay cautious of unsolicited emails, particularly those requesting password resets or financial information.
Posts Removed, Account Restored
Following the breach, the unauthorized scam links were removed promptly, and Kamath’s access to his account was fully restored. X has not issued an official comment on the matter.
The episode serves as a timely reminder for users to remain alert—even seasoned professionals can be caught off guard by a well-crafted phishing attempt.
