@Rob_J@mastodon.social
@guyjantic@infosec.exchange @nixCraft@mastodon.social the idea, as I understand it, is that the attacker would pretend to be the service you intend to use. Then as you try to log in to the fake service, the attacker asks the real service to send you a login code. You give this to the fake service, thinking it is legitimate and the attacker can then use it to access the real service.
Proto Himbo European@guyjantic@infosec.exchange
@Rob_J@mastodon.social @nixCraft@mastodon.social Devious. And this reminds me my personal data backups are not quite up to snuff.