A student we'd locked for their account sending out phishing emails asked us what happened. I don't know how to tell somebody who hasn't already guessed they got phished "you got phished" without it also sounding a bit like "... you fucking idiot" in my head. Even though I don't at *all* think that, I *know* how good phishing attacks can be and I never blame people for it happening. :(

@georgieboy Given what mobile browsers are doing to the visibility of web page URLs plus how many 'you must authenticate' web services we have, I basically assume that a lot of our users can be phished by anyone who tries hard enough.

(Some spammers are starting to work that hard, but they're not doing phish spam, they're doing the 'please can you do me a favour' manual spam.)

@cks Yeah, we see a lot of finphishing too, but for that they're definitely reading our org charts, whereas the undergrad targeted stuff is spray-n-pray kind of garbage.

@georgieboy Our latest finphishing cloned someone's signature block, too, which shows some reasonably decent advance scouting. I was a bit alarmed by that; with some more work they could have made it very hard to tell in typical mail clients.


@cks Yeah, we’ve seen that one occasionally too.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!