Why is there a comma in the, title?
this post was submitted on 27 Mar 2025
690 points (99.0% liked)
Technology
68187 readers
3441 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
TIL: Nobody is perfect
glares in the general direction of the White House
...did you think there were perfect people in the White House before this? Or at any point in your life? Haha
(Maybe as a child would that make sense...)
load more comments
(4 replies)
load more comments
(4 replies)
AT this point it is safe to assume you will fall for scams like this in your life. They are too like the real thing. We need the laws and police to catch up to investigating this thus making crime not pay (most of this is from countries that don't work with police - so probably some major international efforts required as well).
That's exactly the issue, how do you prosecute hackers from countries that either a) don't care because they're collapsing/at war/etc or b) actively encourage hackers like DPRK, Russia, China.
There's no way to realistically police it without some One World Government type shit. All we can do is practice good security.
I'm just glad I got my parents trained enough to immediately contact me for anything that seems "off". The result is that they panic needlessly almost daily, but I still prefer that over getting the dreaded "they emptied all our accounts" call.
Perhaps Jason Statham can be part of the solution, a la The Beekeeper
If anyone hasn't seen the videos Jim Browning did a while back about gaining access to a india scam call centers network and subsequently, thier cameras, its a fascinating watch but also pretty concerning.
https://youtube.com/playlist?list=PLBNmQJqxpaMaxqghShRiOnHUjO00ZCsor
One of the worst parts is that sometimes the police are on the scammers payroll, making it hard to take action. It would likely take an international effort to even make a dent against these kinds of places. They make a ton of money off these scams so its going to keep happening.
load more comments
(15 replies)
The original article: https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/
Don't password managers verify the domain name before offering credentials?
Does that mean he doesn't use a password manager?
Edit: RIP, now that's a proper phishing. I understand where he's coming from
He mentioned that he does and the password manager didn't prompt to autocomplete the password automatically, so he had to force it.
The thing that should have saved my bacon was the credentials not auto-filling from 1Password, so why didn't I stop there? Because that's not unusual. There are so many services where you've registered on one domain (and that address is stored in 1Password), then you legitimately log on to a different domain.
Then add multiple URLs for that entry. You can even have it match on the base domain, so it works on any subdomain, or restrict it to a subdomain.
I assume that works on 1Password, it works on Bitwarden at least.
That said, I could see myself making this mistake. I've had to manually find entries before for one reason or another (e.g. usually use the app, but access the website this one time).
load more comments
(2 replies)
This was mentioned in the write-up, the password manager didn't autofill, but he was too out of it to notice at first
Not everyone uses a browser extension for their password manager.
Depends... if you use an offline password manager ( like keepass), you can ask it to autotype your credentials into anything... if that's what you ask it to do (ie it's not a fault)
Main point though: don't reuse the same credentials across different sites.
They'll get 1 site, but not all the rest of them...