A student we'd locked for their account sending out phishing emails asked us what happened. I don't know how to tell somebody who hasn't already guessed they got phished "you got phished" without it also sounding a bit like "... you fucking idiot" in my head. Even though I don't at *all* think that, I *know* how good phishing attacks can be and I never blame people for it happening. :(
@georgieboy Given what mobile browsers are doing to the visibility of web page URLs plus how many 'you must authenticate' web services we have, I basically assume that a lot of our users can be phished by anyone who tries hard enough.
(Some spammers are starting to work that hard, but they're not doing phish spam, they're doing the 'please can you do me a favour' manual spam.)
@cks Yeah, we see a lot of finphishing too, but for that they're definitely reading our org charts, whereas the undergrad targeted stuff is spray-n-pray kind of garbage.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!