bartle

Conversation

Notices

  1. Michael Vogel (heluecht@pirati.ca)'s status on Wednesday, 09-Jul-2025 15:02:53 CEST
    in reply to
    • BrianKrebs

    @briankrebs I've got one basic rule: When I receive a mail that could or could not be phishing, I visit their page, log in and check from there. I recently got a message from Dropbox telling me that there are problems with my credit card - and it really looked phishy. Luckily after logging in there I saw the same message.

    I really don't understand why companies often don't refer to their pages to validate the mail from there.

    In conversation about 3 days ago from pirati.ca permalink
    • BrianKrebs (briankrebs@infosec.exchange)'s status on Wednesday, 09-Jul-2025 15:02:55 CEST

      I recently received an email that at first glance appeared to be a well-crafted phishing message, warning that my Microsoft Entra ID was going to expire in a month if I didn't make a purchase. The only piece of information in the message was my supposed Entra ID.

      After checking with Microsoft it appears this automated message is legitimate, and it is in reference to a Microsoft Teams trial account I created for a day and then abandoned. But apart from the Entra ID, which isn't mentioned in any prior communications from Microsoft, there is zero context for the user.

      How hard would it be for Microsoft to include just a tiny bit more information in each message? Like, "Hey, this message is about an account created 5 years ago, for Teams" or something. Otherwise these marketing messages train users to fall for phishing scams.

      In conversation about 3 days ago permalink

      Attachments


      1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/823/166/971/946/341/original/56ca09687f926503.png

bartle is a social network. It runs on GNU social, version 2.0.1-beta0, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All bartle content and data are available under the Creative Commons Attribution 3.0 license.