Phishing emails #suggestion


 

Hi Nina,

Please refer to this topic, https://groups.io/g/GroupManagersForum/topic/90934004

Apparently we're now beginning to get some (unwanted) attention from those folks, so we may want to add something in the user manual like other sites have, i.e. something like "Groups.io will never send you an unsolicited login request email" or something to this effect.

Cheers,
Christos


Nina E
 

I added an ! Important note to Understanding Groups.io accounts > Overview in the Members Manual.

 

Thank you for the suggestion.

 

- Nina

 

From: docs@beta.groups.io <docs@beta.groups.io> On Behalf Of Christos Psarras
Sent: Wednesday, May 11, 2022 5:00 PM
To: docs@beta.groups.io
Subject: [docs] Phishing emails #suggestion

 



Bruce Bowman <bruce.bowman@...>
 

On Fri, May 13, 2022 at 06:18 PM, Nina E wrote:
> I added an ! Important note to Understanding Groups.io accounts > Overview in the Members Manual.

Nina (and Christos) -- I'm concerned about the wording here.

Every account in NC status is sent an email with a link in it to confirm/authenticate their account. Same with bounce probes. A good argument could be made that such emails are "unsolicited"...at best, this is a fine distinction that will be lost on most people.

Generally, I have not seen much by way of phishing attacks here, simply because there's no clear path to making money by hijacking groups.io accounts. With so many groups.io functions that require clicking email links, I wonder if we could be creating unnecessary paranoia about doing that. 

My $0.02,
Bruce


Marv Waschke
 

I think a notice like this is a good idea. I've seen "security by obscurity" fail too many times. The size of some groups.io groups is an opportunity for a clever phishing exploit. However, Bruce raises a good point: groups.io does solicit clicks on email links legitimately and therefore the wording of the notice has to provide users some clues on how to identify legitimate notices.

I suggest something like this:
Groups.io sends email messages asking you to confirm or reinstate your Groups.io account by clicking a link in response to events such as inadvertently classifying groups.io messages as spam. Good cyber-hygiene is to avoid clicking on links in email if you are not certain that the link is legitimate. Most browsers and email tools will display the link url in the lower left-hand corner. A good practice is to examine the url. If it is not from groups.io, don't click on the link. It could be a phishing attempt.

Best, Marv


Nina E
 

Bruce and Marv,

Thank you for the additional feedback. I revised the note accordingly.

- Nina