Hacker News new | ask | show | jobs
by azinman2 3668 days ago
I wonder if this is at all related to a phishing attempt that just got my mom and all her friends. It came in as a "docusign" email that looked reasonably legit (to an ordinary person) that just had one button to sign and review a document. Apparently they asked for email, email password, and phone number. I was surprised to learn about the phone number bit and how they'd use it. Something like this is probably how.

While I'd have thought entering your email password would have been red flag galore, my mom and her friends were all exploited by the social trust aspect "I figured if it was coming from you it would be real."
2 comments
Sephr 3668 days ago
> "I figured if it was coming from you it would be real."

You should set up a strict DMARC policy (p=reject) to prevent people from spoofing your email address. It appears that you have not[1].

Additionally, you should harden your SPF record: change ~all to -all.

[1]: https://dmarcian.com/record-tools/azinman.com

link
azinman2 3668 days ago
It's not a spoof when you're phished and hand over your credentials.

It also was my mom that was phished, not me.

link
Sephr 3668 days ago
Sorry, I don't think you understand.

I'm saying that people cannot send emails to your mother pretending to be you if you were to implement the changes I have suggested.

I didn't say you were phished, I said you were spoofed. Judging by your first comment, your email address being spoofed is how your mother was phished.

link
azinman2 3668 days ago
I do understand :) Perhaps my first comment was not clear. She never received anything from me. I'm not involved at all. It was her friend that got originally phished, which then sent a legitimate email (from an SPF record perspective) to her, which then phished her credentials, and so forth.
link
imglorp 3668 days ago
I just saw one of those. It's especially convincing when they target realtors' address books, because everyone in a real estate transaction is expecting a bunch of docusign links to be flying around from their realtor and their title company. So if something doesn't look kosher, they attribute it to a clunky process and hand over their login.
link
twoodfin 3668 days ago
This is exactly how my parents were phished. Interesting to hear it likely wasn't a coincidence that it came from their realtor.

I subsequently set them up with two factor almost everywhere, but I'd give at least even odds they'd fall for this, too. Sigh.

link