Standard-Plan1506 t1_j8p4jh1 wrote on February 15, 2023 at 11:01 PM

Reply to comment by DarkNet-Magic in Is this mail from the REAL Apple? by Quick_Abbreviations4

Sorry but that’s bs, clicking the link won’t give away anyone’s password. That’s why they’re trying to scam you into typing it yourself. You have to allow a website or an app to log in using your Google or apple login; and even if you do it’s encrypted anyway, no one’s gonna see it

DarkNet-Magic t1_j8p6wm7 wrote on February 15, 2023 at 11:18 PM

Clicking a link absolutely will jeopardize your password. Albeit many phishing links aren’t that complex or intricate, but they are more common than you think.

I do pen-testing in my free time on the side, you would be amazed how often I come across those types of links. Apple accounts are more difficult to bypass, sure, but encryption isn’t an automatic guarantee of security, it just requires a little more complexity in the scripting.

Standard-Plan1506 t1_j8p98k2 wrote on February 15, 2023 at 11:34 PM

No it won’t, stop making up these stories. You won’t get logged in anywhere unless you specifically confirm it by providing your password.

DarkNet-Magic t1_j8padjz wrote on February 15, 2023 at 11:43 PM

I am not making anything up? Why would I have a reason to lie to a stranger on Reddit. If you haven’t come across those types of phishing links, that’s good for you, but to blatantly deny they exist is pure ignorance.

Standard-Plan1506 t1_j8pb59u wrote on February 15, 2023 at 11:48 PM

I don’t know you tell me darknet pentester security engineer. Try me with your script, tell me my password

DarkNet-Magic t1_j8pbzp2 wrote on February 15, 2023 at 11:54 PM

I never said I was a “security engineer”. I said I work in Cyber Security, which Pen-Testing falls under.

Better yet, I’m not wasting nearly two hours creating a phishing script to prove a point. Again, a stranger on the Internet doesn’t mean anything to me.

With that being said, I conclude my conversation with you.

Standard-Plan1506 t1_j8r7aa2 wrote on February 16, 2023 at 11:05 AM

You're talking about session hijacking, mate, you need an exploit to make it work. The idea that you can create a phishing script in 2 hours to steal data from ios is ridiculous. And it's not going to produce a txt with login and pass, that's complete bs. You're familiar with 2FA, right?