top | item 42718439

(no title)

I suspect that the strategy I've described in my the post (forwarding a signed email with some modified headers) isn't actually new, and that it's just the first time I've looked closely enough to become interested in how it works.

The whole "put a misleading string in the PayPal name field" thing may be new.

> How would they even validate their new attack vector? I would like to think that there’s scam A/B testing or something similar…

I'm curious about that as well. My guess is that there's nothing as sophisticated as A/B tests with measured results going on, but I'd love to learn more.

discuss

No comments yet.