Glen Arrowsmith
🤔​ Phishing/Smishing would be a lot more successful if it the payload was in an unsubscribe link. #DontStealThisIdea
Nov 23, 2022 at 5:37amWeb
Show thread👁️à̸̖̜͖͖͇̐͘͠z̸̡̧̈́̌̏̔̌̈z̴̼̥̻̰͉͙̥̟̤͂̽̈͒͊ͅy̴̗̍͐̈́̃͘̚͝👁️Nov 23, 2022

@garrows I actually saw a email phishing unsubscribe thingy. It's like

Blah blah ad about Amazon

If you wish to unsubscribe please login to your account.

Except like always they went the lazy route and the top half of the email was a big picture file.

Show threadGlen ArrowsmithNov 23, 2022
@babyfangs ​ wow that's very evil! and a bit brilliant.
Show thread👁️à̸̖̜͖͖͇̐͘͠z̸̡̧̈́̌̏̔̌̈z̴̼̥̻̰͉͙̥̟̤͂̽̈͒͊ͅy̴̗̍͐̈́̃͘̚͝👁️Nov 23, 2022
@garrows It was really badly done tho. You needed to be really bad to fool for it.
Show thread👁️à̸̖̜͖͖͇̐͘͠z̸̡̧̈́̌̏̔̌̈z̴̼̥̻̰͉͙̥̟̤͂̽̈͒͊ͅy̴̗̍͐̈́̃͘̚͝👁️Nov 25, 2022

@garrows I thought of another idea.

Phishing via GitHub.
To star a GitHub repo you need login.
So make a copy of a GitHub repo anyone maybe something not well known but is a cool idea.

Go post on a tech site. Use a hyperlink that is linked to a regular word. Use a foreign character as the url characters.
Be like oh hey guys I want you like my post bc I really need it.

No matter how techy you are you can abuse the human nature of wanting to help and sheer lazy to check.

Even if you captured the email and password they are probs gonna change on GitHub after realizing their mistake. You can try that password on other places. Because pretty sure people won't remember then and there where else that was used.