I have been spending a lot of time working with one of the accounts I use to run my websites over the past week, including several tech support calls.  Saturday afternoon I received an email from that account saying that I was over one of my limits and my account may be deactivated if I didn't take action.  This was surprising, but I figured that something just got a little messed up with all of the moving around we were doing, and needed some house cleaning.  Nope, I got phished.  Phishing is masquerading as a trusted entity to lure users into giving up sensitive information, such as financial info, logins, personal details, etc. When I get an email that requires action I try to manually navigate to the website and login, rather than just clicking on the link in the email.  However, this attempt was successful in getting me to part with my password. It was a combination of the work I had been doing on that account, and me being in a rush to get out the door on a Saturday afternoon.  I quickly realized my mistake and reset my password on the account.  It was a unique password, so I didn't need to worry about other accounts being taken over.  This highlights how careful we need to be online these days.  Enable two-step verification on accounts that support it, use complex unique passwords, and always be suspicious.