| ▲ | gethly 9 days ago | |||||||||||||||||||||||||
It means that you go to foo.com and enter your e-mail to sign up. But foo.com routes that request and to bank.com, hoping you have an account there. bank.com sends you verification email, which you expect from foo.com as part of the sign-up verification process. For some bat shit crazy reason, you ignore that the email came from bank.com and not foo.com and you type in the secret code from the email into the foo.com to complete the sign up process. And bam! the foo.com got into your bank account. A complete nonsense but because it works in 0.000000000000001% of the time for some crazy niche cases in the real world, let's talk about it. | ||||||||||||||||||||||||||
| ▲ | ascorbic 9 days ago | parent [-] | |||||||||||||||||||||||||
The evil site usually says something like "enter the code from our identity partner x" or something, which is a lot more believable when it's a service like Microsoft that does provide services like that. | ||||||||||||||||||||||||||
| ||||||||||||||||||||||||||