告诉HN:Poshmark 立即将我的电子邮件泄露给了诈骗者。
在寻找一款冷门电子产品时,我偶然发现了一个在Poshmark上出售的商品,价格比其他地方便宜得多。<p>我当时还没有账户,于是通过谷歌单点登录注册了一个账户,并成功下单。<p>大约一个小时后,我收到了类似卖家发来的邮件,要求我点击链接以验证我的账户,以便资金能够到账。<p>显然这是网络钓鱼邮件。仔细查看后,我发现还有两封邮件在我下单后大约30分钟被正确过滤到了垃圾邮件箱。<p>所以问题是,他们的系统中到底哪个部分如此根本性地出现了问题,以至于骗子能立即获取我的邮箱?卖家在我下单后会收到这些信息吗?<p>如果不是这样,那就意味着他们的系统已经完全被攻破。
查看原文
Browsing for an obscure piece of electronics, I ran across a Poshmark listing that had it for considerably cheaper than anywhere else.<p>I didn't have an account yet, so I signed up with Google SSO and was able to place the order.<p>About an hour later I got an email as if I was the seller telling me to click this link to verify my account for my funds to be deposited.<p>Obviously phishing. Upon closer inspection, I had two earlier that were properly filtered to spam that were about 30 minutes after the order.<p>So the question here is what part of their system is so fundamentally broken that scammers instantly get my email? Does the seller get that upon me making that purchase?<p>And if that's not the case, then that means somebody has completely compromised their system.