Jake in the desertApr 10, 2024

'Kobold Letters', a great piece by @weddige on the dangers of HTML email, regardless of viewing method https://lutrasecurity.com/en/articles/kobold-letters

#security #email #HTML #CSS #HTMLEmail #Mozilla #Thunderbird #Microsoft #Outlook #MicrosoftOutlook #Gmail #Google #HTMLEmails

Kobold letters – Lutra Security

Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious security risk.

Show threadforrestApr 10, 2024

@jake4480 @weddige

interesting, didn't realize emails could do this.

one question;

"your manager asking you to wire a large sum of money to a bank account.

...

still not convinced, so you call your manager to ensure that the email is legit. He confirms, so you transfer the money.

...

The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions.

...

the moment the email appeared in your inbox, it changed."

Show threadforrestApr 10, 2024

@jake4480 @weddige

why wouldn't the employee ask their manager about the contents of the email? "i got an email from you about wiring money?"

in the example, it seems like the theoretically employee says ... "i got an email from you just now, is it legit? oh, it is? thanks."

Show threadJake in the desert
@buru5 @weddige now, the phishing attacks are SO realistic. Sometimes it looks ultra legit. Something you'd usually use. I get being scammed. It's super easy, especially now. Even for tech savvy folks. No matter how much someone thinks they know.. you'll be having an off day or just be caught off guard, I guess?
Apr 10, 2024 at 6:00pmWeb
Show threadforrestApr 10, 2024
@jake4480 @weddige yeah, good point.