Phishing emails #suggestion


Nina E
 

Bruce and Marv,

Thank you for the additional feedback. I revised the note accordingly.

- Nina


Marv Waschke
 

I think a notice like this is a good idea. I've seen "security by obscurity" fail too many times. The size some groups.io groups is an opportunity for a clever phishing exploit. However, Bruce raises a good point: groups.io does solicit.clicks on email links legitimately and therefore the wording of the notice has to provide users some clues on how to identify legitimate notices.

I suggest something like this:
Groups.io sends email messages asking you to confirm or reinstate your Groups.io account by clicking a link in response to events such as inadvertently classifying groups.io messages as spam. Good cyber-hygiene is to avoid clicking on links in email if you are not certain that the link is legitimate. Most browsers and email tools will display the link url in the lower left-hand corner. A good practice is to examine the url. If it is not from groups.io, don't click on the link. It could be a phishing attempt.

Best, Marv


Bruce Bowman <bruce.bowman@...>
 

On Fri, May 13, 2022 at 06:18 PM, Nina E wrote:
I added an ! Important note to Understanding Groups.io accounts > Overview in the Members Manual.
Nina (and Christos) -- I'm concerned about the wording here.

Every account in NC status is sent an email with a link in it to confirm/authenticate their account. Same with bounce probes. A good argument could be made that such emails are "unsolicited"...at best, this is a fine distinction that will be lost on most people.

Generally, I have not seen much by way of phishing attacks here, simply because there's no clear path to making money by hijacking groups.io accounts. With so many groups.io functions that require clicking email links, I wonder if we could be creating unnecessary paranoia about doing that. 

My $0.02,
Bruce


Nina E
 

I added an ! Important note to Understanding Groups.io accounts > Overview in the Members Manual.

 

Thank you for the suggestion.

 

- Nina

 

From: docs@beta.groups.io <docs@beta.groups.io> On Behalf Of Christos Psarras
Sent: Wednesday, May 11, 2022 5:00 PM
To: docs@beta.groups.io
Subject: [docs] Phishing emails #suggestion

 

Hi Nina,

Please refer to this topic, https://groups.io/g/GroupManagersForum/topic/90934004

Apparently we're now beginning to get some (unwanted) attention from those folks, so we may want to add something in the user manual like other sites have, i.e. something like  "Groups.io will never send you an unsolicited login request email" or something to this effect.

Cheers,
Christos


 

Hi Nina,

Please refer to this topic, https://groups.io/g/GroupManagersForum/topic/90934004

Apparently we're now beginning to get some (unwanted) attention from those folks, so we may want to add something in the user manual like other sites have, i.e. something like  "Groups.io will never send you an unsolicited login request email" or something to this effect.

Cheers,
Christos