A Hypothetical Case of a Phishing Attack

Evan Conrad on November 24, 2018

Let’s say, hypothetically, that we receive an email from an old university address that looks like this: Looks πŸ‘Œlegit.πŸ‘Œ It came from a .edu e... [Read Full]
markdown guide
 

Absolutely loving your posts!

Just wanna check in to let you know we’re actively working on the stuff you outlined in the recent DEV UX post. 😊

Kind of just felt like re-iterating that out of appreciation for the knowledge-share you’ve been providing.

 

Thanks so much Ben! :)

And awesome! If I get a chance I'd like to try and help! Though at the moment I'm so swamped from other duties πŸ˜…

 

Friend of mine did this on two phishing attempts. Both times it turned out to be a pentest.

Maybe you could even delete any data they might have successfully phished:

  • Send them Mr. DROP TABLES's credentials.
  • Scan for open ports. Sometimes databases are not well protected.
 

Here I think about the importance of 2FA on every important account in the first place. It does not solve everything, but it is another (important) layer of protection. Clever phishing attacks are incredibly hard to detect. Nice article, Evan!

 

Fun idea.

Quick word of warning, because I can't tell from the intro whether you're aware or not - Full sender email addresses can be spoofed. I can send you an email that has "Google Support" as the "from" name and "support@google.com" as the "from" address.

 
 
 

Is this the correct way to handle the situation? Maybe... 😝

code of conduct - report abuse