pull down to refresh

Security Tip: Use an Email Add that displays email addresses
661 sats \ 4 comments \ @kepford 1 Apr security
Over and over again people fall for phishing scams. An email that looks like it is coming from a legit sender turns out to be a scam.
One way you can fight this attack is to only use an email client that displays the full email address. Not just part of it. Not just the from name. Do not assume that because an email has the name "Amazon" the from field that it is from Amazon.com. Look at the address.
Now, it is possible for someone to spoof an email address but most of the time the scams I see don't even do this. I suspect this is because of expansion of DMARC policies. Many people simply do not check the actual email address.
Other tips, don't click links in emails that you were not expecting to get like emails with log in links. Instead, visit the site and log in direction on the site. If you must click a link in an email look at the actual URL. Don't blindly click the link and for sure do not enter your credentials in a site without checking the domain. This is where password managers can help you out. Most filter passwords by URLs and will not suggest an account cred if you are on the wrong site.
I know many of you, maybe most of you know this stuff but I bet there are those that don't. Or, have become lazy.
write
preview
related posts
81 sats \ 1 reply \ @antic 1 Apr
another good one I like to use for important accounts: use uuidgen to generate a new uuid and use gmail's feature of ${username}+${uuid} @ gmail.com (and if you don't want to use gmail as primary, you can have it forward to protonmail or wherever.
This makes your login username also be a non-guessable unique password per service. You'll know who sold your email (or who got data breached) by what your incoming address is. And if your email does get leaked, nobody will be able to guess your email for other accounts, preventing brute force attempts and password reset phishing shenanigans.
reply
10 sats \ 0 replies \ @kepford OP 1 Apr
Yep, that's a great tip. Simple Login is a paid service that allows you to do this as well. You can self host it as well.
reply
10 sats \ 0 replies \ @02a9a61fdc 2 Apr
I use Simplelogin to generate single-use mail addresses that forward mails to my "real" address. For each service that requires an email you can generate a new address with one click. Once you start receiving unwanted spam you can just turn the address off. This also has the advantage that you know which service leaked your email address.
reply
5 sats \ 0 replies \ @thegwjw 1 Apr
ALWAYS a good reminder 👍
reply