Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Nobody is demanding you do. But if you go around claimng people "got phished", then you should be sure.

I've also entered fake credentials into a clearly faked login form to see what'd happen. Would it redirect me to the right site? Just claim the information was wrong? Send me to a mock up of the intranet I was trying to access? You can call it bad policy if you want (although you don't know about my precautions), but it doesn't mean I was phished.



What it does mean, though, is the person who sent the email now knows, at the minimum:

1. Someone receives and reads the email sent to this email address.

2. That person is willing to enter data into a form.

This is 2 pieces of information the person didn’t have before, and it can be used in further phishing attempts in a variety of ways.

It doesn’t mean you were fooled, but that’s only half the story.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: