Comment by spoonfeeder006 4 hours ago
So how do you not click links to confirm your email for a new account?
Rather one could use Qubes OS and only open links in disposable VMs and never enter info beyond that
Thats basically what I do when I get emails to confirm my email address for a new account
One can't always avoid clicking links can they?
If I'm being honest, "don't click links in email unless you were expecting that particular email message" seems easier for grandma than "update x, y, and z, and use Pihole" unless you want to administer her network and devices. But maybe you're saying that an iPad/Chromebook can mitigate all of the above needs? A little bit.
Anyway, while I haven't heard of any cases yet, it wouldn't surprise me if senders of phishing email someday manage to deliver messages shortly after detecting some traffic (DNS lookup?) that you legitimately make with the entity the email is spoofing. Then you're expecting it, roughly.
> So how do you not click links to confirm your email for a new account?
Fair question, but the "don't click links in email" is for emails that you don't expect. And sure, that's an unsatisfying answer because it's hard to communicate this wisdom to your grandmother.
I think the best answer is defense-in-depth. Ensure you use updated email clients, browsers, and OS, and employ a dns blocker like a pihole or equivalent public service.
For less-savvy people a device like an iPad or Chromebook can be a reasonable defense.