Comment by theamk
Comment by theamk 10 months ago
Do people really fall for scam like that?
First, I assume the author knows the email came from github, as the screenshot does not show this very clearly. If that's the case:
Red flag #1: email links to a variation of real domain. If you don't have information on who github-scanner.com is, it is pretty safe to assume it's a scam , just because it sounds like a real website.
GIANT Enormous Huge Red Flag #2: captcha asks you to types command in shell. I have no comment on how naive one must be to do this.
It’s a numbers game.
Nobody is perfect. The more features of credibility, most likely there will be a higher percentage of conversions. But not everybody has excellent vision, is not time-pressured, and is not tired/exhausted.
There are lots of conditions that make otherwise difficult fraud targets more easy to trick.
And if it can be done at large scale / automated, then small conversion rates turn into many successful frauds (compromised accounts).