by jhardcastle 3443 days ago
They aren't using popular attachments. They are using customized attachments from the actual compromised sender. I commented elsewhere in the thread, but once they gain your credentials, they will go into your account to get one of your attachments, and then email a screenshot of that to your contacts, some of whom may have already seen that attachment.
1 comments

Sure, but the chrome around the image is still "trusted attachment" chrome.

I get it that the browser people will say only their chrome is trusted, but when someone is using your app, your app's internal UI affordances receive that same level of trust in your users' minds.