Reply to post: Re: "they came back in full force"

Emotet malware gang re-emerges with Chrome-based credit card heistware

Andy The Hat Silver badge

Re: "they came back in full force"

User stupidity is a user clicking on a link in an email from Seyor Moneyov with a link to givus.yourmoney.com

Lack of user experience results in email clients opening in full preview modes and executing whatever crap is embedded in it (hell why do I still see this as a thing in 2022?)

However, why would you regard it as stupid to click on what looks like a regular email from the spoofed email address of your bank which has a full company letterhead and 15 valid embedded links just like a valid one? I received an email which "didn't feel right" but looked genuine ... on investigation it turned out there was just one incorrect character visible in the (long) hover-over link address. More and more companies rely on click-through email linking directly to web portals, it massively increases the target surface for criminals as it increases the risk of making a mistake and clicking the wrong thing ...

Thousands of people pay utility bills, receive a monthly email request for a meter reading and how many click through the email to provide it? How many people click though on a Screwfix offer? How many look at an eBay email notification? While 'click-through" is the norm, security will not get any better.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon