this post was submitted on 02 Dec 2024
226 points (89.0% liked)

Ask Lemmy

27089 readers
2641 users here now

A Fediverse community for open-ended, thought provoking questions

Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world


Rules: (interactive)


1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them


2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?


3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.


4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].


5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.


Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija


Logo design credit goes to: tubbadu


founded 2 years ago
MODERATORS
 

Url looks suss. Seems kinda sophisticated for the usual ups fishing scam. Here's the text message I got leading here.

"Wishing you a bright and sunny day!" Lol, I almost want to help this guy by explaining that UPS and American companies in general have disdain for their customers and would never wish them to have anything that would not benefit the company.

you are viewing a single comment's thread
view the rest of the comments
[–] ech@lemm.ee 59 points 1 day ago* (last edited 1 day ago) (2 children)

Why the fuck did you click a link like that in the first place? That first message is basically screaming at you that it's a phishing attempt.

Best opsec is to delete and block, ideally without opening it at all to avoid read receipts (if that's a function in your phone). If you think it might be legit, go to the website on your own and find a way to confirm independently. If that's still too much to follow through with, at the very least don't click random links sent to you unprompted.

[–] joshcodes@programming.dev 15 points 1 day ago

Hey dude, you had an opportunity to educate someone and instead you belittled them. As someone who works in cyber, please don't do that. People get stigmatised against cyber and IT professionals and they stop trusting us. Users don't know what we do, so be kind to them the way you should be kind to anyone learning new things. https://xkcd.com/1053/

[–] Ihnivid@feddit.org 1 points 1 day ago* (last edited 1 day ago) (3 children)

Could someone educate me on the possible damage clicking a link can bring, assuming I'm not interacting with the website any more than that?

Not doubting there's damage, just curious. I'd think they'd get some maybe usable info from fingerprinting or something? Could javascripts lead to more serious problems?

[–] Honytawk@lemmy.zip 4 points 1 day ago

The least it wil do is confirm your email to be in use for further scams.

[–] nova_ad_vitum@lemmy.ca 5 points 1 day ago

If you do nothing but click the link and then close the resulting website without clicking anything else, all that will happen is that they'll know you're someone who clicks such links and you're likely to get more of them.

There could theoretically be a vulnerability in your browser that would allow them to infect you with viruses, but such vulnerabilities are much much more valuable used elsewhere (or cashed in through security research bounties). One I've seen is that the page further phishes you into downloading and installing an "update" to your browser that's really a virus, or they simply try to phish you out of money, for example by asking you to pay the shipping costs again.

It's also a way to build lists of who actually clicks the links, that they resell to the next sucker (scamming is suckers all the way down, they all buy The Next Big Technique from some guy), ensuring you will get further spam in the future.

There's actually a fun technique to do to avoid further spams when it comes to voice calls. A little know fact is that elevator call buttons are actually just phones that have a phone number, and if you dial the number, it will automatically answer and you will hear whatever is in the elevator (generally nothing). If you pick up but don't say a word, their automated systems will flag you as an elevator phone number and they will stop calling in order to stop wasting resources on calling numbers that won't lead to money.