Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?
-
@Jaloopa because this forum software is as trashy as
i dont even know.and the people that get faked by our internal phishing get nastygrams. It doesn't help. One guy actual did it TWICE on two different computers, even after getting the first nasty gram... and it was the SAME PHISHING EMAIL.
I have to hope for humanity that he clicked it the second time intentionally to be funny.
-
@TimeBandit said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
@anotherusername said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
I'd expect them to just embed the email address in the link and log who and when every time it's visited. Seems simpler than fishing through firewall logs to get a list of people who accessed it.
If you create the phishing emails, yeah. But I'm talking about real phishing emails.
@CarrieVS was talking about internal phishing emails sent by their own IT department to see which employees would fall for them.
-
@anotherusername said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
@CarrieVS was talking about internal phishing emails sent by their own IT department to see which employees would fall for them.
I don't know how they check, ok. Or care. I foolishly assumed that the response to my comment was actually about the same thing I was talking about. It's irrelevant to my point, in any case. All I was trying to convey was that it is actively monitored and not on the honour system, it's just that I wouldn't find out about it if a colleague was caught unless they happened to tell me.
-
@darkmatter said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
I have to hope for humanity that he clicked it the second time intentionally to be funny.
Did he use the CEO's login?
(caveat: this joke doesn't work if the CEO was the idiot)
-
@TimeBandit said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
If you click on a link in a phishing email, we remove your access to email and you have to successfully pass our course on phishing before getting your access back.
I'd totally click the link and then refuse the course and enjoy the break from emails.
-
@Groaner said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
@xaade said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
How about we startup a site that sends out phishing attempts, but doesn't actually store the user's information, but instead opens a popup that tells them that they COULD have been just hacked, and then go to a page that explains what just happened.
My understanding is that some large organizations already do this internally.
We do it but I can never remember what the email address is to report phishing so just delete them.
-
@loopback0 said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
I'd totally click the link and then refuse the course and enjoy the break from emails.
Your email access was revoked, you will be notified of it by email.
-
@Lorne-Kates said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
@Maciejasjmj said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
Like this?
wow good thing all the browser makers have decided to get rid of the status bar or shorten it oh wait statusbar4evar
Yes, that's very different from this:
Not saying statusbar is a bad idea, but this ain't a reason to praise it.
Filed under: freaking uploaded image resizing, go away
-
@Jaloopa said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
Training people to ignore certain information is one thing. Training them that actual legit emails have the same things you're meant to be suspicious of in phishing emails is much worse.
I had an email from Spotify telling me I should change my password. It:
- didn't include my name, just "Hi Spotify user"
- had a link to the "Change password" link, not instructions to do it myself
THIS IS THE KIND OF THING WE TELL USERS NOT TO BELIEVE!
Barclaycard:
Never did get a reply to my emails back to them.
-
With all these stupid trends, I feel like we may as well bring back
window.status
.window.status = "Leave a comment on this webzone if you want a pizza roll.";
And why not
<marquee>
and<blink>
too?All three retro-throwbacks, despite being stupid, are not nearly dangerous and abusable as USB API and Battery API.
-
@Sumireko said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
And why not
<marquee>
and<blink>
too?
-
@Sumireko said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
All three retro-throwbacks, despite being stupid, are not nearly dangerous and abusable as USB API and Battery API.
And let's not forget the fact that pop-up sites can make my phone vibrate on end without asking me!
-
I really want to kill you.
-
@El_Heffe said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
I really want to kill you.
Here, take this:
Just clean it before you return it, OK? ;)
-
@Sumireko said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
And why not <marquee> and <blink> too?
function animateMarquee(){ var chars = document.title.split(''); var c = ( chars.splice(0,1) )[0]; chars.push(c); document.title = chars.join(''); } // @TODO Implement blink // @FIXME It's swallowing whitespace after one loop. document.title seems to trim the string setInterval(animateMarquee, 200);
-
I remember being able to do this with
about:
pages, at least 15 years ago. Updates to IE (and other browsers) later restricted the use of about:-pages to a couple of known addresses because the about:-protocol was being abused.It looks like someone felt the need to reimplement the wheel, but didn't pay attention to history.
-
@AlexMedia said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
It looks like someone felt the need to reimplement the wheel, but didn't pay attention to history.
Has anyone who reimplemented the wheel ever paid attention to history?
-
@Jaloopa said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
Training people to ignore certain information is one thing. Training them that actual legit emails have the same things you're meant to be suspicious of in phishing emails is much worse.
I had an email from Spotify telling me I should change my password. It:
- didn't include my name, just "Hi Spotify user"
- had a link to the "Change password" link, not instructions to do it myself
THIS IS THE KIND OF THING WE TELL USERS NOT TO BELIEVE!
I just had the same thing happen to me, so I went to the actual site and asked for a change password link again.
I'm guessing they hope you'll just type in the same password you had before?
-
@anotherusername said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
they could even provide a fake login screen to see if the user would enter their credentials.
And when that happens, their system account is immediately locked.
And they have to visit IT, in person, to unlock it.
-
-
@xaade said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
How about we startup a site that sends out phishing attempts, but doesn't actually store the user's information, but instead opens a popup that tells them that they COULD have been just hacked, and then go to a page that explains what just happened.
They already made one by the (in)famous Kevin Mitnick:
-
@anonymous234 Yeah, only the most recent Chrome doesn't show "https" anymore, it now calls the page "Secure". I'm kind of wondering if you can get an EV certificate for an entity named "Insecure Page", hijinx ensue.
Anyway, my guess is that for security purposes, upcoming versions of FF and Chrome will not display the payload part of data URIs, so you only have literally "data:text/html,…" there.
Frankly, I have no idea why they don't currently display the title of the current document anyway, as they're already hiding the protocol and (at least some) a "www." prefix if present.
-
@uschwarz said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
only the most recent Chrome doesn't show "https" anymore, it now calls the page "Secure".
-
@uschwarz said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
Frankly, I have no idea why they don't currently display the title of the current document anyway, as they're already hiding the protocol and (at least some) a "www." prefix if present.
That's an interesting idea for a browser extension, for those of us who know how to check where they are navigating to.
It's also a terrible idea for people who are already learning the bad habit of ignoring the address bar.
-
@Tsaukpaetra I assume uschwarz meant the preview versions of Chrome.
-
@Tsaukpaetra You can see the "Secure" thing right there in your screenshot. It does still say https in that though
-
@Yamikuronue said in Let's make the URL bar super-short and teach people to ignore it, what could possibly go wrong?:
It does still say https in that though
Hence the . ;)