We'd do similar tricks but only between a small group who all knew what they'd signed up for. It definitely helped to make you more aware of people trying to get into your accounts. To the point where someone would have to add a long list of disclaimers on sending an innocent link to their holiday pictures if they expected you to view them. And there are still some people who can't get me to click any link they send me (fool me once, etc).
Even so to do it to unsuspecting people isn't nice at all and essentially a breach of trust, especially using a keylogger. Even today I'm not going to use someone else's device to do anything requiring a login so some of the paranoia lingers, but leave your device out of sight for long enough and it might as well be somebody else's.
Samy's little tools always impress me, he gets a ton of mileage out of this stuff and it is a really good warning to read his posts every now and then to get an idea of what a talented individual can achieve.
We'd do similar tricks but only between a small group who all knew what they'd signed up for. It definitely helped to make you more aware of people trying to get into your accounts. To the point where someone would have to add a long list of disclaimers on sending an innocent link to their holiday pictures if they expected you to view them. And there are still some people who can't get me to click any link they send me (fool me once, etc).
Even so to do it to unsuspecting people isn't nice at all and essentially a breach of trust, especially using a keylogger. Even today I'm not going to use someone else's device to do anything requiring a login so some of the paranoia lingers, but leave your device out of sight for long enough and it might as well be somebody else's.
Samy's little tools always impress me, he gets a ton of mileage out of this stuff and it is a really good warning to read his posts every now and then to get an idea of what a talented individual can achieve.
https://samy.pl/poisontap/