Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?
This is your opportunity to ask questions. No question too simple or too silly.
Culture war topics are accepted, and proposals for a better intro post are appreciated.
Jump in the discussion.
No email address required.
Notes -
Hoping early Monday isn't too late for a small-scale question, so here goes:
In the wake of a friend falling victim to a phishing scam in which they were convinced to send a screenshot of a link to a password reset page (indeed, head-slappingly bad), I'm currently being dragged in real life for my hot take, two-part opinion that
This scam was facilitated by the common advice that you should NEVER follow links because they could be from a hacker and then you will get hacked! and
This advice isn't actually very good, in the sense that nothing bad can really happen to you just from following some random link.
As a web developer I know something about how the web works, but obviously I don't know everything, so I'm curious if someone else can come up with a really bad outcome achievable just by clicking on a link. Could you, say, send an API request to a bank from within your webpage, and then read the response and cookies from the host page? I'm thinking this would be blocked by both browser and site technology. This has to be what CORS is for, right? Not just to annoy me while I'm developing?
Anyway, like I said, suggestions welcome.
In addition to directly injection malware as the other commenters have stated, clicking on a link will also reveal certain information about the person and their device:
The IP address, which can be mapped to a physical location with at least city scale accuracy.
The browser's user agent, which typically contains the OS, browser and its version. This may then be used to find exploits that are likely to work in a follow up attack.
More options
Context Copy link
More options
Context Copy link