Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Konstantin Weddige (weddige@gruene.social)'s status on Thursday, 04-Apr-2024 13:55:16 JST Konstantin Weddige

Welcome to another edition of "Is this phishing?"
Assume the email is in principle plausible and the transaction ID exists. What is the worst that can happen if you press send?
#phishing
In conversation about 8 months ago from gruene.social permalink
Attachments
1. Screenshot of the email editor in Gmail: Please deal with it! ---------- Forwarded message --------- From: Mr. Hacker <someone@example.com> Date: Fri, 29 Mar 2024 at 12:40 Subject: Kobold letter To: Konstantin <me@gmail.com> Hello, We had issues to transfer the money for the transaction 1234. Could you please forward this to your accountant. Mr. Hacker
  https://gruene.social/system/media_attachments/files/112/190/307/228/341/182/original/b5ac7958f2438e8d.png
- Embed this notice
  Konstantin Weddige (weddige@gruene.social)'s status on Thursday, 04-Apr-2024 13:55:13 JST Konstantin Weddige
  in reply to
  
  This is due to something I call #KoboldLetters. By cleverly (mis)using CSS, attackers can display completely different emails to different recipients.
  The problems with HTML and CSS in emails have been known for a long time, but the security implications have usually been underestimated or actively downplayed. That's why I wrote an article explaining how HTML emails can be used to deceive recipients into becoming part of an sophisticated #phishing attack.
  https://lutrasecurity.com/en/articles/kobold-letters/
  
  In conversation about 8 months ago permalink
- Embed this notice
  Konstantin Weddige (weddige@gruene.social)'s status on Thursday, 04-Apr-2024 13:55:15 JST Konstantin Weddige
  in reply to
  
  If your answer was "everything", you were right. Because the email your accountant would receive wouldn't look anything like the one you forwarded.
  In conversation about 8 months ago permalink
  Attachments
  1. Screenshot of an email in Gmail: Please deal with it! ---------- Forwarded message --------- From: Mr. Hacker <someone@example.com> Date: Fri, 29 Mar 2024 at 12:40 Subject: Kobold letter To: Konstantin <me@gmail.com> Hello Konstantin, I just got confirmation that the drawing I told you about last week is a genuine van Gogh. We had it carbon-dated and our expert found no issues. If you manage to transfer the money by tonight, I can secure it for you. Please use "VG-000" as the reason for the transaction. The amount would be as discussed 1234000€ and the account DE02100100100006820101. Could you please give my regards to your wife? I look forward to playing golf with you both this weekend to celebrate this deal. But be prepared to add a few more losses to your score. I have been playing golf with my accountant twice a week. Mr. Hacker
    https://gruene.social/system/media_attachments/files/112/190/350/588/982/638/original/c6a6f76778e53cf4.png
  Haelwenn /элвэн/ :triskell: repeated this.

Public

Conversation

Notices

Feeds