![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
I have my own private domain which comes with unlimited email addresses. I use a different, extremely non-public, address for each site that might have access to my banking details.
I've just received emails from two sites that do have some business sending me email -- but *not* sent to the address they ought to have on file. No, they've both sent emails to the address I used for one of my bank accounts before the Epsilon hack a couple of months ago. Interestingly, while at first glance they look like legitimate emails, the links they want me to click are of the www.ebay-upgrades.com type (no, that wasn't one of them). Looking at the headers, my guess is that a third business really ought to get a security expert to look at its mailserver, because they're being parasitised. I suspect that I would deeply regret even clicking on the link, never mind downloading and installing the software updates I'm being invited to install.
I'm surprised it's taken this long to get hit with this, but this is one reason why I use the multi-address approach -- it makes a lot of the phishing attacks stick out like a sore thumb, even when they've managed to grab a private address.
I've just received emails from two sites that do have some business sending me email -- but *not* sent to the address they ought to have on file. No, they've both sent emails to the address I used for one of my bank accounts before the Epsilon hack a couple of months ago. Interestingly, while at first glance they look like legitimate emails, the links they want me to click are of the www.ebay-upgrades.com type (no, that wasn't one of them). Looking at the headers, my guess is that a third business really ought to get a security expert to look at its mailserver, because they're being parasitised. I suspect that I would deeply regret even clicking on the link, never mind downloading and installing the software updates I'm being invited to install.
I'm surprised it's taken this long to get hit with this, but this is one reason why I use the multi-address approach -- it makes a lot of the phishing attacks stick out like a sore thumb, even when they've managed to grab a private address.
