prokopetz:

prokopetz:

Empty, default-avatar blog that apparently followed me all of five minutes ago just DMed me like:

Screenshot of a Tumblr DM from a blog with a default avatar and an unreadably pixelated username reading: "Hey! I loved your posts regarding religion, I was wondering if you're okay with me asking you a few questions regarding religion? I'd love your input."ALT

I have to admit, as phishing strategies go it’s a novel one.

@lord-haterade replied:

wait what is the phishing part? is there some way they could use your opinions on religion to impersonate you or like steal your identity lol?

Phishing scams often open with seemingly innocuous overtures about random topics. In the context of Tumblr bots, this frequently takes the form of a tag you’ve recently used inserted into an otherwise generic template like “I love your opinions about [tag], can I ask you some questions about [tag]”. If you bite, the bot hands you off to a human operator to exploit the conversational foot in the door it’s created.

The funny part (which I’m jokingly calling novel) is that if this is indeed a phishing bot, it picked religion of all things as the recently used tag to employ. Not exactly safe topic for casual discussion!