| ▲ | roelschroeven 9 days ago |
| > “Click a link in the email” is a tiny bit better because it takes the user straight to the GOOD website, and passing that link to BAD is more tedious and therefore more suspicious. "Click a link in the email" is really bad because it's very difficult to know the mail and the link in it are legitimate. Trusting links in emails opens to door to phishing attacks. |
|
| ▲ | johnmaguire 9 days ago | parent | next [-] |
| How would a phishing attack against a website which doesn't use passwords, only magic links, be performed? |
|
| ▲ | ramraj07 9 days ago | parent | prev | next [-] |
| I know not to click links on random emails but comfortably click links on emails I initiated from a website. |
| |
| ▲ | roelschroeven 9 days ago | parent | next [-] | | How do you know the email comes from that website? There are known cases of phishing mails being sent when people expect a legitimate mail. | | |
| ▲ | Yeul 9 days ago | parent | next [-] | | If someone hacks my account and starts ordering stuff on bol it's not my problem but the company's so I don't sleep over it. The company doesn't care either because fraud is just the cost of doing business- ease of ordering> security. | |
| ▲ | KingOfCoders 9 days ago | parent | prev [-] | | The website is abc.com the link in the email is abc.com | | |
| ▲ | soiltype 9 days ago | parent | next [-] | | unless the product manager decided the link in the email is track.monkey.exe/sus/path/spyware?c=behhdywbsncocjdb&b=ndbejsudndbd&k=uehwbehsysjendbdhjdodj or something 2x–3x longer | | |
| ▲ | KingOfCoders 8 days ago | parent [-] | | The question was "How do you know the email comes from that website? " And the answer was, I can find out if the email is from abc.com
by looking at the link, which should also be abc.com I don't click in "track.monkey.exe". I don't click tracking links. I pay a lot of money for my newsletter provider because I can turn off (most) tracking links. | | |
| ▲ | soiltype 6 days ago | parent [-] | | The question was framed that way but in fact this conversation isn't about your personal resistance to a particular scam vector. Many sites do offload 100% of their emailing to 3rd party trackers. Therefore nobody can use those sites without engaging in 3rd party tracking. Therefore these sites have created an environment favorable for this scam vector. |
|
| |
| ▲ | paradox460 9 days ago | parent | prev [-] | | The link in the email is a mailchimp wrapped tracking link with a gibberish URL. What now | | |
| ▲ | kibwen 9 days ago | parent | next [-] | | Or the email is rendered HTML, where the expected URL is used as the text for an anchor whose href is the malicious site. | | | |
| ▲ | KingOfCoders 8 days ago | parent | prev [-] | | I don't click the link. Simple. Track someone else. |
|
|
| |
| ▲ | Cthulhu_ 9 days ago | parent | prev [-] | | You do, but does the average user? Security's reliance on people's behaviour / knowledge / discipline should be minimal. |
|
|
| ▲ | johnisgood 9 days ago | parent | prev [-] |
| Yeah, I was frowning when I read that. It is not any better at all, not even a tiny bit. |
