I’m very careful with privacy and security so I was surprised I got an obvious phishing email from “American Express”. I reported the email and moved on only to get another one today. I checked haveibeenpwned and it came back clear. I have never gotten a phishing email before the other day. As for the senders, they all came from generic IT sounding email addresses. They obviously weren’t American Express.

  • jaybone@lemmy.world
    link
    fedilink
    arrow-up
    4
    ·
    2 months ago

    I’ve used this many times before. But this is so well known I wonder, why wouldn’t spammers/scammers just remove the “+” and trailing characters before “@“?

    • xigoi@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      True. A more reliable way to achieve this is to buy a domain and use addresses in the form websitename@your.domain.

      • jaybone@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        2 months ago

        Yeah that also usually comes up in these types of discussions. Even for technical people, that approach can be a pain to manage.