Comment by bentcorner
Comment by bentcorner 3 hours ago
> So how do you not click links to confirm your email for a new account?
Fair question, but the "don't click links in email" is for emails that you don't expect. And sure, that's an unsatisfying answer because it's hard to communicate this wisdom to your grandmother.
I think the best answer is defense-in-depth. Ensure you use updated email clients, browsers, and OS, and employ a dns blocker like a pihole or equivalent public service.
For less-savvy people a device like an iPad or Chromebook can be a reasonable defense.
If I'm being honest, "don't click links in email unless you were expecting that particular email message" seems easier for grandma than "update x, y, and z, and use Pihole" unless you want to administer her network and devices. But maybe you're saying that an iPad/Chromebook can mitigate all of the above needs? A little bit.
Anyway, while I haven't heard of any cases yet, it wouldn't surprise me if senders of phishing email someday manage to deliver messages shortly after detecting some traffic (DNS lookup?) that you legitimately make with the entity the email is spoofing. Then you're expecting it, roughly.