Phishing failure (or perhaps something more devious)



  • I recently got not one but two messages urging me to log onto the customer support pages for Dutch ISP XS4ALL. Obviously phishing, but these things always make me curious where they actually link to, so I hovered my mouse pointer over the link. That had a surprise in store:

    [Image: Failed phishing.png]

    Trying the second message, dated 20 minutes later, though:

    [Image: Attempt 2.png]

    I’m imagining the conversation at phishing HQ to have gone something like:

    👱🏻 There, messages sent!
    🧔🏾 Did you put in the URL I gave you for our fake XS4ALL login page?
    👱🏻 Um … I seem to have forgotten that bit …?
    🧔🏾 Fix it and send it again!



  • @Gurth Maybe it's by design. You'd see the first one, click it and maybe see it's legit, log in and there was no alert. Then, 20 minutes later, you'd get the alert email again and ... trust the link again? Maybe it really was something this time?

    It's still dumb


  • :belt_onion:

    @hungrier said in Phishing failure:

    @Gurth Maybe it's by design. You'd see the first one, click it and maybe see it's legit, log in and there was no alert. Then, 20 minutes later, you'd get the alert email again and ... trust the link again? Maybe it really was something this time?

    It's still dumb

    I think it's exactly that. The second time you log in they've got your credentials and it's game over. They're probably playing on people's tendencies to ignore "bugs" and "glitches".



  • @hungrier said in Phishing failure:

    It's still dumb

    It's not about being smart.

    It's about shooting as much shit as you can so you hit the idiot in the back.



  • @hungrier said in Phishing failure:

    @Gurth Maybe it's by design. You'd see the first one, click it and maybe see it's legit, log in and there was no alert. Then, 20 minutes later, you'd get the alert email again and ... trust the link again? Maybe it really was something this time?

    I hadn’t thought it through that far, but you’re right, it may be more devious than it looks.

    So: consider yourself warned, everyone …

