Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://gruene.social/users/weddige/statuses/112190410951586251">Konstantin Weddige (weddige@gruene.social)'s status on Thursday, 04-Apr-2024 13:55:13 JST</a><a href="https://gruene.social/@weddige" title="weddige@gruene.social"><img src="https://gnusocial.jp/avatar/150140-48-20250411031059.webp" width="48" height="48" alt="Konstantin Weddige" style="position: absolute; left: 0; top: 0;">Konstantin Weddige</a><div><a href="https://gruene.social/@weddige/112190358314529191" rel="in-reply-to">in reply to</a></div></section><article><p>This is due to something I call <a href="https://gruene.social/tags/KoboldLetters" rel="tag">#KoboldLetters</a>. By cleverly (mis)using CSS, attackers can display completely different emails to different recipients.</p><p>The problems with HTML and CSS in emails have been known for a long time, but the security implications have usually been underestimated or actively downplayed. That's why I wrote an article explaining how HTML emails can be used to deceive recipients into becoming part of an sophisticated <a href="https://gruene.social/tags/phishing" rel="tag">#phishing</a> attack.</p><p><a href="https://lutrasecurity.com/en/articles/kobold-letters/" rel="nofollow noreferrer">https://lutrasecurity.com/en/articles/kobold-letters/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2897436#notice-5759526">In conversation</a><time datetime="2024-04-04T13:55:13+09:00" title="Thursday, 04-Apr-2024 13:55:13 JST">about a year ago</time> <span>from <span><a href="https://gruene.social/@weddige/112190410951586251" rel="external" title="Sent from gruene.social via ActivityPub">gruene.social</a></span></span><a href="https://gruene.social/@weddige/112190410951586251">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Konstantin Weddige (weddige@gruene.social)'s status on Thursday, 04-Apr-2024 13:55:13 JST Konstantin Weddige
in reply to
This is due to something I call #KoboldLetters. By cleverly (mis)using CSS, attackers can display completely different emails to different recipients.
The problems with HTML and CSS in emails have been known for a long time, but the security implications have usually been underestimated or actively downplayed. That's why I wrote an article explaining how HTML emails can be used to deceive recipients into becoming part of an sophisticated #phishing attack.
https://lutrasecurity.com/en/articles/kobold-letters/
In conversationabout a year ago from gruene.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice