@fistfulofdave@weddige that's an interesting point. Makes me want to fully migrate to Proton, even though I'm sure something like this could potentially be an issue there, too. Just less of a chance maybe?
@jake4480@fistfulofdave@weddige I'm all in on Proton. I guess the point, though, is that someone hijacks the email from the point of forwarding, which Proton (or any email provider) obviously has no control over. Maybe the only way to prevent this is to use some sort of hashing mechanism / authentication and send that separately (to confuse an intercept) as a packet to the email client...
@buru5@weddige now, the phishing attacks are SO realistic. Sometimes it looks ultra legit. Something you'd usually use. I get being scammed. It's super easy, especially now. Even for tech savvy folks. No matter how much someone thinks they know.. you'll be having an off day or just be caught off guard, I guess?
@buru5@jake4480 Perhaps I should add some context: with this example, I tried to give a realistic illustration of what this attack pattern is capable of, without adding too much about how to write convincing phishing emails. But with some suggestive wording, you can increase the chance that a call to the manager will not reveal that you are talking about different emails.
@weddige@buru5 it's fantastic. I mean, just the other day my wife was almost fooled by a phony text, and she's BRIGHT, an early adopter - she was dismayed. It's so fast and so dangerous now. Only way is to educate. Like your killer article. By the way, LOVE that moving wave animation at the top of the lutra pages! 😍
@buru5@weddige it's wild. And I've worked in HTML and email both for so long, I figured this would eventually be the way. Mostly the fault of CSS. But still. I'm an HTML purist first. hahaha
Add comment