You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.45K Posts
- 57.9K Comments
- Modlog
https://www.f-droid.org/en/packages/com.trianguloy.urlchecker/
Use this so you might be able to figure out if it is a bad link yourself.
It’s possible, I’ve been tricked last year by a similar attack (the sneakiest attack possible to target privacy people, imho).
I praise IT Security for putting so many safeguards, sandboxes and verifications!
Yes, there is no way to limit the links put in an email by someone else.
It is a dumb stratergy though, as email filters are getting better all the time, so the recipient’s filter will catch on quickly.
To explain further, part of my duties at work as an IT technician is to investigate emails getting caught in the email filter or emails that are reported as bad.
The filter will analyze links, attachments, sender and the general contents of the email, and if it finds something bad, it will block it and inform IT.
We then use a fairly large toolset to investigate the email, we see a lot of metadata, in addition to the email itself.
We also see a quick summary of why the email was blocked, and can look through all incomming mail, even those delivered, to find more from the same campaign and then delete them.
So swapping an ubsubscribe link is no isdue at all for an attacker, but all links en emails are scanned, so if you do do that, it will be discovered very quickly.
As an addendum to my write up on my work with email scanning and the access we have at IT, I allway want to add some context, and I feel this is extra important in a privacy focused community:
This is only dealing with work emails, we do not have access to your external email.
We at my IT team are just interested in getting rid of bad emails from our system, while we have the access none of us are interested in gossip, we go in, investigate the issue, do what we have to to clean it up, and then leave.
That is what our coworkers/employer can trust us on, but as the saying goes, “trust and verify”, there are a lot of logs that log our actions that will show exactly what we did in the system and when.
Gossip and playing office politics is not interesting, they are directly opposed to our work, and I am lazy, I don’t have the time or energy to deal with that.
This is the comment of a person who has been dealing with end users for way too long. Did he need to say that on Lemmy? Absolutely not. This was a statement made because he probably gets asked that question on a daily basis by executives who are worried having their dick pics exposed by the IT department. (As an IT security person who had an IT support job at one time: We have seen enough dick pics on corporate email and stopped giving a fuck years ago, to be honest.)
You poor, poor bastard. Can someone get this person a beer or twelve?
People sending dick pics to who?
Don’t know to who and never cared. Anytime I get the “privilege” to see that shit it’s because of a security incident. People do stupid things and I don’t waste my time trying to figure out why, generally. If it seemed that something illegal was happening, it got passed to HR and law enforcement. Similar to our guy above, I just care about the IT security bits.
Haha, I am fine actually, my workplace is a great place to work, andI have never actually beennasked if we have access to external emails at work.
Last year was fucking aweful due to double heel spurs, bad knees and dealing with psoriasis, this year has been great so far, I got a bonus and bought myself a Panasonic Lumix S5 with several lenses (includibg a large telezoom lens to get those awesome planespotters photos, and some great photos of animals.
I also got my first car after getting my license, a small 2021 Seat Leon PHEV Hatchback, and have got to go places and take photos that I never would have been able to using only public transport.
During this I got my heel spurs dealt with and my knee is far, far better than it was.
So I am doing fine, mostly dealing with long term low intencity depression, but I manage.
EDIT: forgot to add this:
I many added the point of private emails as tjis is a privacy focused community and I didn’t want to give the impression that we have more accces than we do.
It’s possible to let them know the email is active, and they should follow up.
Yes as its just another link, but not that usable deployed alone.
For example, log in to unsubscribe. I had a few marketing emails does this.
However, when’s your last time clicking the unsubscribe link? I guess most people would mark it spam before unsubscribe, at least I do.
Most attackers will consider more eye catching, urgent, and time sensitive subjects like prizes win, exclusive discounts, or account security warning rather wait one clicking on the unsubscribe link. It is more resonable to add a malicious unsub link with all other links. Actually, all links should redirect the victim to the phishing page.
If you are worried about malicious links, try this: https://www.browserling.com/
It’s free :D
An alternative is also https://hyperbeam.com/ which allows you to open a virtual browser. 😜
If you’re worried about notifying the sender that you are a real person, it’s probably not great interacting with the links at all because they are linked directly to your email (same with normal unsubscribe links)
Yeah, true, but I also think the spambot doesn’t really care to send 1 or 1,000,000 mails as it’s just a bot.
I mean, they would target those dummies that don’t read links at all than those that are smart enough to click to those links, they would mainly know your browser and location once you click the link to target more specific scam matching your zone or location, but I am not sure if they would stop sending spam if you never click to those links…