About 10 years ago, I got an email from Microsoft of all people(!) which to any reasonably security-trained person would look entirely like a phishing email:[0]

1. It said "Dear User" instead of a name/username;

2. It talked about how they were upgrading their forum software and as such would require me to re-login;

3. It gave me a link to click in the email without any stated alternative;

4. It warned me that if I didn't do this, I would no longer be able to access the forum;

5. The domain of the URL that the link went to was not microsoft.com, but a different domain that had "microsoft" in it.

It was a textbook example for how a phishing email would look, and yet it was actually a legitimate email from Microsoft! I haven't had any others like it since, but that was an eye-opener for sure.

[0] https://reddit.com/r/facepalm/comments/32ou4z/microsoft_what...

[Edit: Fixed a detail I misremembered.]