this post was submitted on 08 Jul 2024
497 points (99.4% liked)

Cybersecurity - Memes

4310 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 2 years ago
MODERATORS
Sam1232188@lemmy.world
neurohost@lemmy.world
Sam1232188@lemmy.fmhy.ml
Alphadef@programming.dev
CannaVet@lemmy.world
497
(I guess) I'm doing my part (infosec.pub)
submitted 2 years ago by TehBamski@lemmy.world to c/cybersecuritymemes@lemmy.world
21 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Broken_Monitor@lemmy.world 10 points 2 years ago (3 children)

Settle an argument for me: Is there anything wrong with just opening a phishing email? No replying, downloading attachments or clicking links. Just opening it.

[–] snowsuit2654@lemmy.blahaj.zone 15 points 2 years ago* (last edited 2 years ago) (2 children)

Generally no-- the payload typically comes from some sort of interaction (click a link, open an attachment, reply to the message). There have been some zero interaction attacks with emails before. Like for example, when the email is previewed in the reading pane in Outlook. These are exceptionally rare and not what we're training against when we do phishing training.

That said, if you know an email is phishing it's always best to not interact with it at all, but you really can't always tell by the sender and subject line alone.

[–] GreatAlbatross@feddit.uk 5 points 2 years ago

It also depends if your client downloads embedded content (images) by default. (For example, a publicly hosted email signature image, rather than an image attached to the email).

[–] dejected_warp_core@lemmy.world 2 points 2 years ago (1 children)

In the case of using the preview pane, there's a subtle case of displaying external images (img src in HTML) where an attacker can get an idea of what content is getting past email filters. The client will just download the image automatically, and the attacker's webserver logs the activity. I think that can be turned off in various email clients, but folks have to be savvy enough to know to do it.

[–] jaybone@lemmy.world 3 points 2 years ago

Doesn’t thunderbird by default not download external images?

Also if I was working IT for some company I would make sure all email clients were configured that way.

[–] WagnasT@lemmy.world 8 points 2 years ago (1 children)

There may not be enough info in the subject line to tell if it is phishing so I think the point is moot. I guess the threat vector could be a zero day exploit for your email client in the body of the message but I don't see how you'll be able to detect a problem from just the headers unless it's really obvious.

[–] Broken_Monitor@lemmy.world 8 points 2 years ago (1 children)

For context, my gf’s employers have been scolding people for opening them and I think that’s bullshit, mainly for what you just said

[–] PlexSheep 2 points 2 years ago

Yeah. If you're targeted by a 0day you don't really have a chance. If someone uses a 0day they might aswell spend 2 minutes checking the mail for plausibility.

If it's not a 0day and your company hasn't patched, probably not your problem. Curiosity > risk of 0day

Otherwise, if we extend this lane of thinking, you couldn't visit any website you don't know 100% is trustworthy. There could always be a 0day in your browser.

[–] TheKMAP@lemmynsfw.com 1 points 2 years ago

If you use Outlook/Windows then opening it is sometimes enough. Swap to GSuite if you can.