• WagnasT@lemmy.world
    link
    fedilink
    arrow-up
    8
    ·
    4 months ago

    There may not be enough info in the subject line to tell if it is phishing so I think the point is moot. I guess the threat vector could be a zero day exploit for your email client in the body of the message but I don’t see how you’ll be able to detect a problem from just the headers unless it’s really obvious.

    • Broken_Monitor@lemmy.world
      link
      fedilink
      arrow-up
      8
      ·
      4 months ago

      For context, my gf’s employers have been scolding people for opening them and I think that’s bullshit, mainly for what you just said

      • PlexSheep@infosec.pub
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        Yeah. If you’re targeted by a 0day you don’t really have a chance. If someone uses a 0day they might aswell spend 2 minutes checking the mail for plausibility.

        If it’s not a 0day and your company hasn’t patched, probably not your problem. Curiosity > risk of 0day

        Otherwise, if we extend this lane of thinking, you couldn’t visit any website you don’t know 100% is trustworthy. There could always be a 0day in your browser.