Comment by vouaobrasil

4 months ago

I feel like attacks like this would be much harder if we had never adopted HTML emails. Then it would make more intuitive sense (for the user) for an institution to write:

(1) Go to our website

(2) Login and check your account

Of course, legitimate emails do that now, but because of the way we've been trained to "click" (such as "click to verify your email"), this conditioning carries over to phishing and other attacks, whereas that would be impossible with plain text. With plain text, the email verification would have to be "paste this code into a box".

Email clients would probably still parse URLs into links. People would click them. Then people would prefer links that didn't look like gobbledygook, so email clients would start supporting extensions like parsing of [markdown-style links](https://gobbledygook.com/ddkf878dfjlsfd). And then we would arrive at HTML.

  • > Then people would prefer links that didn't look like gobbledygook

    Well, I can say with relative confidence that people prefer those links but _marketers_ prefer hxxps://awsmail.me/b64trustmebro/8675309== that leads who fucking knows where
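The mismatch the thread is complaining about, link text that reads as one site while the href goes somewhere else, is mechanically checkable on the receiving side. The following is an added example, not code from anyone in the thread: it pulls every anchor out of an HTML body with Python's standard-library parser and flags (a) anchors whose visible text looks like a URL on a different host than the href, and (b) anchors whose href host is not in a caller-supplied set of hosts the recipient expects from this sender. The sample message, the `example-bank.com` domain and the "trusted hosts" set are constructed for the demo; the `awsmail.me` tracker path is borrowed from the comment above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, or None
        self._text = []     # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
            self._text = []


def host_of(url):
    """Lowercased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def text_is_url_like(text):
    """Does the visible anchor text itself read as a web address?"""
    return text.strip().lower().startswith(("http://", "https://", "www."))


def host_is_trusted(host, trusted):
    """Exact match or subdomain of any host in the trusted set."""
    return any(host == t or host.endswith("." + t) for t in trusted)


def audit_links(html, trusted_hosts):
    """Return (href, text, reason) for each suspicious anchor.

    reason is 'text_href_mismatch' when the displayed URL names a host
    other than the one the link actually goes to, or 'off_domain' when
    the destination host is outside trusted_hosts (assumed to be the
    set of hosts the recipient expects from this sender).
    """
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        href_host = host_of(href)
        if text_is_url_like(text):
            shown = text.strip()
            if not shown.lower().startswith(("http://", "https://")):
                shown = "http://" + shown   # let urlparse see a scheme
            if host_of(shown) != href_host:
                findings.append((href, text, "text_href_mismatch"))
                continue
        if not host_is_trusted(href_host, trusted_hosts):
            findings.append((href, text, "off_domain"))
    return findings


# Constructed sample message: one honest link, one classic text/href
# mismatch, and one tracker redirect hidden behind the word "here".
SAMPLE_EMAIL = """
<p>Please <a href="https://example-bank.com/login">log in</a> to review your account.</p>
<p>Or visit <a href="https://awsmail.me/b64trustmebro/8675309==">https://example-bank.com/verify</a></p>
<p>Unsubscribe <a href="https://awsmail.me/u/1">here</a>.</p>
"""

if __name__ == "__main__":
    for href, text, reason in audit_links(SAMPLE_EMAIL, {"example-bank.com"}):
        print(f"{reason}: [{text}] -> {href}")
```

Run it and the second and third anchors are reported; the first passes because "log in" makes no claim about where it goes and the destination is on the expected domain. The off-domain check is where the marketer's tracking links from the comment above land: they are not lies about the destination, the text just says nothing, so the only signal is that the host is not one the recipient has any reason to trust.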