• Moonrise2473@feddit.itOP
    link
    fedilink
    English
    arrow-up
    163
    ·
    3 months ago

    The content of this “important notification” is that to remind me that on January 18, 2025, they will delete the data of Google Currents, because they killed it. I even didn’t know what that product was.

  • Moonrise2473@feddit.itOP
    link
    fedilink
    English
    arrow-up
    115
    ·
    3 months ago

    They know my name, yet they wrote “Dear Google Workspace Administator” as the most generic phishing attempts.

      • Trainguyrom@reddthat.com
        link
        fedilink
        English
        arrow-up
        7
        ·
        3 months ago

        When I worked the email marketing opt out queue I relied heavily on the “this email was sent to [email address]” because 9/10 reports that the opt out didn’t work, they had setup forwarding from one email address to another

    • Rhynoplaz@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      29
      ·
      3 months ago

      Were you expecting a Google employee to notice the issue, think “Uh oh, I better let Moonrise know about this!” and type out an email for you?

      • Vent@lemm.ee
        link
        fedilink
        English
        arrow-up
        45
        ·
        3 months ago

        Email templates are ubiquitous and can easily insert names and any other variable.

      • Moonrise2473@feddit.itOP
        link
        fedilink
        English
        arrow-up
        21
        ·
        edit-2
        3 months ago

        Do you know that’s trivial to write a marketing email like

        “Dear <name placeholder>…”

        I get that Google is just a startup with limited resources and can’t afford expensive marketing tools, but this is a basic feature offered in every marketing email software, even free ones.

        The reason is that a phishing scammer usually just got a leaked/stolen email list without names, and by stating “dear <name>” they show that it’s not a phishing.

        Once you train users that generic emails with “click here to read the message” are legit, then phishers have an easier life.

        In this specific case they’re just announcing that a Google service that nobody was using has been killed (as is tradition) and they’re going to delete the data, there’s no reason at all to have a “click here to read”.

    • azertyfun@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      38
      ·
      3 months ago

      They got the .microsoft TLD a while back specifically for this purpose. Supposedly they want to migrate all their cloud services there, but I learned about that a year ago and I’ve only seen it in use once since (IIRC on Loop…)

      And let’s not forget about facebookmail.com, the official mail server for Facebook login notifications since 2004.

      The tech is here, the risks are enormous, but the corpos don’t care because they don’t bear the costs of phishing attacks and governments are too impotent to enforce minimum standards of cybersecurity.

    • Baku@aussie.zone
      link
      fedilink
      English
      arrow-up
      17
      ·
      3 months ago

      I had to make a police report yesterday, and they wanted me to upload evidence. The (text) message they sent was along the lines of: “A. Last name requests evidence from you. Click here to submit evidence. vp.au/evidence

    • BlueSquid0741@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      9
      ·
      3 months ago

      But there are so many dodgy similar looking ones that auto complete if you’re typing it.

      I went to type in the aka.ms to find a bit locker recovery key. And didn’t realise it autocorrected to something like akam.ms and it was a super sketchy site about bit locker recovery. Luckily I realised straight away even MS wouldn’t host a website like the one I saw.

  • BrikoX@lemmy.zip
    link
    fedilink
    English
    arrow-up
    44
    ·
    3 months ago

    A good rule of thumb is to never click on links in emails. Always go to the domain manually.

  • Eiri@lemmy.world
    link
    fedilink
    English
    arrow-up
    31
    arrow-down
    1
    ·
    3 months ago

    I can see why they would want that. They may consider email to be inherently less safe than their platform, so they don’t send any sensitive information there.

    Canada’s government stuff also generally works that way, except without any links.

    I’m not sure how legit their concerns are, but it’s a thing.

    Canada Revenue Agency notice

    • Carighan Maconar@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      1
      ·
      3 months ago

      In fact a lot of things do:

      • My bank
      • All monthly work pay notifications
      • All tax notifications

      It’s just normal to not include the actual information. But like you say, except sometimes the bank, they don’t include links.

  • shalafi@lemmy.world
    link
    fedilink
    English
    arrow-up
    22
    ·
    3 months ago

    Reminds me of when Malwarebytes changed the interface to look like a straight up virus. LOL, we were all shitting bricks.

  • thirteene@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    I debated signing in multiple times myself, finally got it validated for a feature that was never enabled. Fuck off Google