Tell HN: Hidden email addresses on Gmail lead to phishing attacks
Because Gmail UX nowadays does not show the email address by default and just the name, this is becoming an attack vector. This typically is leveraged by sending email signed with a person's name that is similar to a colleague (typically a manager/founder etc). Then they ask for seemingly ordinary-sounding requests like 'Are you free for a quick call', 'Wanted to discuss something with you' or 'Can you buy XYZ for the office'. Gmail, please fix this, at least show a different icon or email address for a user that has not interacted with you.
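
One way a mail filter or client could implement the check the post asks for, as an added example that is not part of the original post and not Gmail's code. The contact list, the function names and the 0.85 similarity threshold are assumptions made for illustration.

```python
import difflib
import unicodedata
from email.utils import parseaddr

# Constructed sample data: addresses the user has already corresponded with,
# mapped to the display name they normally appear under.
KNOWN_CONTACTS = {
    "dana.reyes@example.com": "Dana Reyes",
    "lee.park@example.com": "Lee Park",
}


def normalize(name):
    """Fold case, drop accents/punctuation and collapse whitespace."""
    decomposed = unicodedata.normalize("NFKD", name)
    kept = "".join(c for c in decomposed if c.isalnum() or c.isspace())
    return " ".join(kept.casefold().split())


def classify_sender(from_header, known_contacts=KNOWN_CONTACTS, threshold=0.85):
    """Classify a From header as 'known', 'lookalike' or 'first-contact'.

    'lookalike' means the address has never been seen before but the display
    name is (nearly) identical to an existing contact's name, which is the
    case the post wants surfaced in the UI. Sender authentication
    (SPF/DKIM/DMARC) is assumed to be evaluated separately.
    """
    display, addr = parseaddr(from_header)
    if addr.lower() in known_contacts:
        return "known"
    shown = normalize(display)
    if shown:
        for contact_name in known_contacts.values():
            ratio = difflib.SequenceMatcher(
                None, shown, normalize(contact_name)
            ).ratio()
            if ratio >= threshold:
                return "lookalike"
    return "first-contact"


if __name__ == "__main__":
    for header in (
        "Dana Reyes <dana.reyes@example.com>",
        "Dana Reyes <dana.reyes.ceo@mail.example.net>",
        "Dana Reyez <office@mail.example.net>",
        "Newsletter <news@shop.example.org>",
    ):
        print(f"{classify_sender(header):14} {header}")
```

A client could show the full address and a distinct icon for `first-contact`, and a stronger warning for `lookalike`.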