stravant 2 days ago

People realized that past phishing attempts were quite badly constructed and a well constructed one is actually really easy to fall for.

whatamidoingyo 2 days ago

> People realized that past phishing attempts were quite badly constructed

I seem to recall that the typos and grammar errors were intentional. This gets rid of skeptical people, and you're left with those who are extremely gullible and likely to fall for it.

ranger207 2 days ago

This current spate of attacks might be _because_ of that, in fact. Enough people know that phishing attacks are obviously low quality, so when they see a well-constructed message they're less suspicious.

tempodox a day ago

Or it’s because LLMs don’t make spelling mistakes.

rkomorn 2 days ago

First time I've heard this but it actually makes an awful lot of sense.

diggan 2 days ago

> and a well constructed one is actually really easy to fall for

It really shouldn't though, and something you need to be personally responsible for. If it's still possible in 2025 for you to fall for phishing attempts, you're missing something, something that starts with a p and ends with a assword manager.

JW_00000 2 days ago

You must be joking. When I try to log in on Outlook I get redirected to 'microsoftonline.com' (suspicious), when I log in on Wikipedia it sends me to something called 'wikimedia.org' (typo squatter?). How the hell am I supposed to know whether npmjs.help or rustfoundation.dev are _not_ the official domains of those projects?

diggan 2 days ago

> You must be joking.

You must be joking, are you still not using a password manager at all?

When you create the username+password combo you either do it yourself, then put in the password manager the domain, or you use whatever the password manager infers at the registration page, then that's basically it, for most sites. Then 1% of the websites insist on using signin.example.com for login and signup.example.com for signup, so you add both domains to your password manager, or example.com.

Now whenever you log in, you either see a list of accounts (means you're on the right domain) or you don't (which means the domain isn't correct). And before people whine about "autofill doesn't always work", it doesn't matter, the list should (also) show up from the extension modal/popup, so even if autofill doesn't work for that website, you'd be protected, since the list of accounts is empty for wrong domains.

It's really easy, and migrating to a password manager just sucks the first couple of days, every day after that you'd be happy you finally did it.
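
The domain check described in the comment above, as an added example that is not part of the thread and not any password manager's actual code. The vault entries, the function names and the "exact host or subdomain of the saved domain" rule are assumptions; real managers decide what counts as the same site with the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed vault: each entry lists the domains the user saved it under.
VAULT = [
    {"user": "alice", "domains": ["npmjs.com"]},
    {"user": "alice@example.com",
     "domains": ["signin.example.com", "signup.example.com"]},
]


def host_of(url):
    """Return the lowercase hostname of an https URL, or None."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None  # never offer credentials on plaintext or malformed URLs
    return parts.hostname.rstrip(".").lower()


def matches(host, saved):
    """True if host is the saved domain or a subdomain of it.

    The leading dot forces a label boundary, so 'evilnpmjs.com' does not
    match 'npmjs.com'. Assumes `saved` is never a bare public suffix
    such as 'com' or 'co.uk'.
    """
    saved = saved.lower()
    return host == saved or host.endswith("." + saved)


def accounts_for(url, vault=VAULT):
    """Accounts the manager would list for the page at `url`."""
    host = host_of(url)
    if host is None:
        return []
    return [entry["user"] for entry in vault
            if any(matches(host, d) for d in entry["domains"])]


if __name__ == "__main__":
    for url in ("https://www.npmjs.com/login",         # saved domain
                "https://npmjs.help/login",            # lookalike TLD
                "https://npmjs.com.evil.example/",     # saved name as a prefix
                "https://npmjs.com@npmjs.help/login",  # userinfo trick
                "https://signin.example.com/"):
        print(f"{url:40} -> {accounts_for(url)}")
```

An empty list on a page that asks for a password is the signal the comment relies on: the decision comes from the parsed hostname, not from how the page or the address bar looks.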

oguz-ismail 2 days ago

Nah, I can manage my own ass words. I wouldn't trust a third party to have access to all of them anyway.

autoexec 2 days ago

Having a password manager that doesn't involve having to trust third parties is what KeePass is for.