Hacker News new | ask | show | jobs
by erelde 3392 days ago
It's not the content of the message.

Typically inside a company (like a bank) there's an email client with a preconfigured contacts list linked to an AD server, the email client will write the email address for you.

So the probability of someone mistyping an email address inside the same company is, I'd say, low. Even lower if it's a recuring contact between two persons who know each others.

That's what's smelling here. You don't mispell an email address when you're replying or sending a message to someone you have an ongoing conversation with.

And if you receive that kind of email from outside the company... Well. That's phishing.
1 comments
dvirsky 3392 days ago
It wasn't an internal email, it was from someone at some private investment fund, and emailed to someone at the bank.

Also, for clarification, 12345678 wasn't the actual number, it was something that looked completely legit.

link
erelde 3392 days ago
I am not saying your story is fake dvirsky if that's you get from my posts. It's just has all the hallmarks of something I trained people around me to notice.
link
dvirsky 3392 days ago
I didn't think this is what you implied, but having seen the actual email, I also think the security bad practice was on the sender side, and this wasn't a phishing attempt.
link