If a (insert centralized service here) friend tells me about a change of plans, ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

hunter2_ on Oct 10, 2018 | parent | context | favorite | on: A fraudster got $12M out of a Canadian university

If a (insert centralized service here) friend tells me about a change of plans, and I know that messages with that contact were successful in the past, then plans indeed changed because it's spoof-proof so long as you didn't make friends with two accounts that end up sharing a name and so long as the sender didn't fall victim to phishing of creds.

If an email from a contact comes in, the from/sender headers can be spoofed without anyone having fallen victim yet, so maybe plans didn't really change.

Yes there are social aspects but there is also this plainly technical aspect.

_ofdw on Oct 10, 2018 [–]

All you've done is moved the problem from your organization to theirs.

Phishing can still pwn you.

hunter2_ on Oct 11, 2018 | [–]

True, but making credential theft a prerequisite is helpful.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact