Worse, even if you get an email from your Mastodon instance (or ANY web service), an authorized SMTP system could have been hijacked and the link directed to a phishing page, potentially even hosted on a hijacked subdomain.
Layers and layers of caution are required whenever you are prompted to take an unusual action.
https://mstdn.social/@stux/109603992325592066
sтυx🎄 (@[email protected])

Attached: 1 image ⚠️ WARNING! ⚠️ I just received this email in a catch-all that was addressed to a user. Mastodon does NOT send such mails and this leads to a malicious login page! Please make sure you are on the correct instance URL before logging in! Also make sure the emails are sent from the instance you are on! Often this email can be found on the /about page #Mastodon

Mastodon 🐘

@SwiftOnSecurity

About me: I'm old. I ran away with someone I met on the pre-internet in 1981.

I have never had malware on my computer nor given my info to a phishing email.

How?

1) Any link, anywhere on the internet - your browser will tell you where it goes when you hover it on your desktop device or long-press on your mobile. Some sites also warn you if clicking the link would take you off their site.

🧵

@SwiftOnSecurity

2) Some other apps (like PDF viewers) work similarly. In your word processor, you have to work to open a link, and you can see where it goes if you select Edit the link.

3) Don't install random apps. If you're on an ad-supported download site, be especially careful of what you're clicking on.

4) Pop-ups lie. The scarier, the more bogus. If you don't know how to get rid of the popup, close the app.

2/

@SwiftOnSecurity

5) Tech Support only calls you after you've reached out to them. Ask them to verify your support ticket number before telling them anything.
CALLER: I'm with Microsoft tech support, blah-blah-blah
YOU: Hello, please verify the ticket number you are calling about.

6) These apply to everything - even texts and emails and direct messages from your friends and family.

I assure you, I'm not paranoid.

3/3

@SwiftOnSecurity

PS

Never share passwords, yours or anyone else's. I raised five children without knowing their passwords.