by shittyadmin 2727 days ago
That's quite true, but I think the value in these attacks is that they work against more technical users than typical phishing attacks - I remember several years ago someone posted a link on a large technical subreddit which appeared to be to youtube.com.

It presented a page which claimed to be an age flagged video - at the time youtube was having many problems with age flagging videos - and sure enough many people tried to login to it - they looked at the "(youtube.com)" text on reddit, they looked at their browser when they first clicked the link, but they never noticed when the URL changed to offsite when they had to login. It never struck them that a legitimate youtube link could have sent them offsite.

The solution most of those people arrived at was simple though: use password managers, which will force some extra suspicion if the login page doesn't behave as expected.

EDIT: Found the link and discussion, https://old.reddit.com/r/programming/comments/bpy7h/think_yo...

By the numbers it looks like about half the people who made it to the sign-in page made it to the submit page. That's a pretty good result, especially given that it's a technical subreddit and people were primed with "think you're immune to phishing attacks"...

2 comments

It is interesting to note that YouTube now inserts an interstitial “you are leaving YouTube” screen on its open redirect spot.

That Reddit shows the domain name next to the link (HN also) is, I think, the key here—it casually set expectations. Most link situations won’t be like that, and so I’m broadly with tptacek, that it’s not actually so useful. Plus, businesses commonly use all sorts of different domains, rather than subdomains, and something like yourbank-security.com instead of yourbank.com may not even raise eyebrows—to say nothing of people probably not even twitching at login.yourbank.com.evil.com anyway.

The results could have been skewed by people clicking through intentionally to experience the redirect.
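Worked example, added here and not part of any comment in the thread, covering the two points made above: the youtube.com link that carried an open redirect to an off-site login page, and the password-manager behaviour that stops the fill on that page (including the `login.yourbank.com.evil.com` and `yourbank-security.com` cases from the second reply). The host `evil.example`, the `q` redirect parameter, the saved logins and the three-entry suffix list are all constructed for the example; the fill rule is a simplified assumption about how a password manager keys credentials, not any particular product's logic.

```javascript
// Added example, not code from the HN thread or from YouTube/Reddit.
// It models the two things the thread relies on:
//   1. a link on the vetted domain (youtube.com) carrying an open-redirect
//      parameter that points at another site, and the off-site login page
//      it lands on;
//   2. a password manager that keys saved logins to the site, so it stays
//      silent on that landing page.
// MULTI_LABEL_SUFFIXES is a constructed three-entry stand-in for the Public
// Suffix List; a production implementation must use the real list.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

// Registrable domain (eTLD+1): "login.yourbank.com.evil.com" -> "evil.com".
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  if (labels.length < 2) return labels.join(".");
  const take = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  return labels.slice(-take).join(".");
}

function sameSite(urlA, urlB) {
  return registrableDomain(new URL(urlA).hostname) ===
         registrableDomain(new URL(urlB).hostname);
}

// Flag query parameters whose value is an absolute http(s) URL on another
// site. Parameter names are deliberately not special-cased: the redirect
// parameter can be called anything.
function findOffsiteRedirectParams(urlString) {
  const url = new URL(urlString);
  const hits = [];
  for (const [name, value] of url.searchParams) {
    let target;
    try { target = new URL(value); } catch { continue; } // not an absolute URL
    if (target.protocol !== "http:" && target.protocol !== "https:") continue;
    if (!sameSite(url.href, target.href)) {
      hits.push({ param: name, target: target.hostname });
    }
  }
  return hits;
}

// Assumed, simplified password-manager fill rule: fill only on https pages
// whose registrable domain matches a saved entry. Real managers differ in
// whether they match the exact host or the registrable domain.
function passwordManagerWouldFill(savedOrigins, pageUrl) {
  const page = new URL(pageUrl);
  if (page.protocol !== "https:") return false;
  const site = registrableDomain(page.hostname);
  return savedOrigins.some((o) => {
    const saved = new URL(o);
    return saved.protocol === "https:" && registrableDomain(saved.hostname) === site;
  });
}

// One click, end to end: what the user vetted, where the login form actually
// lives, and whether the manager would have filled it.
function assessLogin(clickedUrl, loginPageUrl, savedOrigins) {
  return {
    clickedSite: registrableDomain(new URL(clickedUrl).hostname),
    loginSite: registrableDomain(new URL(loginPageUrl).hostname),
    redirectParams: findOffsiteRedirectParams(clickedUrl),
    leftVettedSite: !sameSite(clickedUrl, loginPageUrl),
    wouldAutofill: passwordManagerWouldFill(savedOrigins, loginPageUrl),
  };
}

// Constructed scenario matching the thread: a youtube.com link whose "q"
// parameter bounces to a look-alike "age verification" login page.
// "evil.example" and the saved logins are made up for the example.
const CLICKED = "https://www.youtube.com/redirect?q=https%3A%2F%2Fevil.example%2Fage-verify%2Flogin";
const LANDED = "https://evil.example/age-verify/login";
const SAVED = ["https://accounts.google.com", "https://www.yourbank.com"];

console.log(JSON.stringify(assessLogin(CLICKED, LANDED, SAVED), null, 2));
```

The interesting output fields are `leftVettedSite` (the user checked youtube.com, the form is on evil.example) and `wouldAutofill` (false, because no saved entry shares a registrable domain with the landing page), which is exactly the "extra suspicion" the first comment credits password managers with; `yourbank-security.com` fails the same check, while `login.yourbank.com` passes it.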