• biscuitswalrus@aussie.zone
    link
    fedilink
    arrow-up
    1
    ·
    9 months ago

    Although that might be true, the moment the ‘friend’ gave away his account recovery answers to the phisher I think he would have been compromised either way. It was likely that the phisher was in real time actioning a account recovery, and using the friend as the proxy to give answers to the prompts. Plus since it’s already second hand info we can’t tell, but if the phisher simply asked ‘can you read me the code on your authenticator’ or ‘press approve and you’ll complete the recovery process’ and would have been successful.

    In investigating account breaches I’ve found most people shamefully don’t retell the whole story they’re embarrassed and upset and fearing loss of employment. They kind of shut down. In this case, social status or opinion could bet harmed so it would be hard to trust the story is complete. Generally my logs come from entra ID and you can see the authentication came from the mobile device even though it was a prompt generated by the phisher.

    Anyway I’m a big advocate for layers of security and you’re completely right in your stance. Technology is fragile to exactly what you said. We live in a world of incomplete information using trust and judgement under time pressure and poor sleep. Phishing attacks are ruthlessly designed to target that weakness in people. I’m empathetic when it is successful.