I received a very official email this morning from Tslainsuranceservices.com.

It said my cancellation request was pending and I needed to click the link to verify cancellation.

Of course I did not click the link. The ploy is to get your Tesla logon and pass so they can steal the car.

  • fr0z3nph03n1x@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Use a password manager that verifies domains before filling in details to help thwart these types of attempts. Adding a hardware 2fa device like a yubikey will go even further.

      • fr0z3nph03n1x@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        That doesn’t always work because you can get really creative with unicode characters in domains that look almost exactly like the real domain [1]. Not to mention the growing common practice of companies using a different domain for their email sending. Not to mention that sometimes humans just make mistakes? Long story short - your super confident I know everything approach is going to get you burned and you should try to build in actual solutions like domain verification instead of relying on your “huge brain.”

        [1] https://www.thesslstore.com/blog/unicode-domain-phishing/

  • DiputsDoof@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Highly unlikely the ploy is to steal the car.

    The ploy is probably to order stuff from the shop.