by massaman_yams 2225 days ago
1. Identify a large number of email newsletter signup pages that don't use captcha and which either send an opt-in confirmation message or a welcome message on signup.

2. Identify a target for some kind of account takeover attack. (Assuming you have other details needed for takeover.)

3. Rent botnet.

4. Perform thousands of signups for the target's email address starting shortly before your attack.

If the account's only security notifications (e.g., password reset, etc.) are in the form of emails, the flood of spam will usually keep the target from seeing them until too late.

These are real attacks, frequently seen in the wild.
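
Added example (not part of the original comment): a defender-side check for the pattern described above, which flags a burst of signup-style mail from many distinct sender domains and surfaces any security notifications that arrived during it. The `Msg` fields, subject regexes, thresholds and sample mailbox are assumptions constructed for illustration.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime, timedelta

Msg = namedtuple("Msg", "received sender_domain subject")

# Subject heuristics are assumptions for this example; tune them to real mail.
SIGNUP = re.compile(r"confirm your subscription|welcome to|thanks for (signing up|subscribing)", re.I)
SECURITY = re.compile(r"password (reset|change)|new (sign-?in|login)|security alert", re.I)

def find_signup_flood(msgs, window=timedelta(minutes=30), min_domains=20):
    """Return (start, end, buried) for the first burst of signup-style mail from
    >= min_domains distinct sender domains inside one window, else None.
    buried = security notifications received while the burst was running."""
    msgs = sorted(msgs, key=lambda m: m.received)
    signups = [m for m in msgs if SIGNUP.search(m.subject) and not SECURITY.search(m.subject)]
    domains, lo = Counter(), 0
    for hi, m in enumerate(signups):
        domains[m.sender_domain] += 1
        while m.received - signups[lo].received > window:  # slide window start
            old = signups[lo].sender_domain
            domains[old] -= 1
            if domains[old] == 0:
                del domains[old]
            lo += 1
        if len(domains) >= min_domains:
            start, end = signups[lo].received, m.received
            for later in signups[hi + 1:]:  # extend while the burst continues
                if later.received - end > window:
                    break
                end = later.received
            buried = [x for x in msgs if SECURITY.search(x.subject) and start <= x.received <= end]
            return start, end, buried
    return None

def sample_mailbox():
    """Constructed sample: 2 ordinary mails, then 40 signup mails with one reset notice."""
    t0 = datetime(2024, 1, 1, 9, 0)
    box = [Msg(t0, "shop.example", "Your receipt"),
           Msg(t0 + timedelta(hours=1), "news.example", "Welcome to our weekly digest")]
    flood = t0 + timedelta(hours=5)
    for i in range(40):
        box.append(Msg(flood + timedelta(seconds=30 * i), f"list{i:02d}.example",
                       "Please confirm your subscription"))
    box.append(Msg(flood + timedelta(minutes=10, seconds=5), "accounts.example",
                   "Password reset requested"))
    return box

if __name__ == "__main__":
    print(find_signup_flood(sample_mailbox()))
```

Counting distinct sender domains rather than raw message volume keeps a single chatty but legitimate list from tripping the check.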