Using YouTube to steal your files

[echoangle]

You have to trick someone into opening your presentation and clicking a specific button, that’s not something a random person knowing my email could easily do. It’s a problem but I wouldn’t exactly say it allows anyone to access anyone else’s private drive files.

[a012]

My company IT sec person sent a presentation and asked everybody to follow a link inside the slide to go to the training website. So never underestimate a attack vector, also security is just a joke.

[az226]

One click is all it takes. That’s the lowest on the totem pole of social engineering.

[dredmorbius]

It is the sort of direct targeted attack one might expect a motivated adversary to undertake.

And perhaps those who are cultivating botnets or other widespread attacks.

[fragmede]

A random person knowing your email isn't totally random though. a normal person's email address is enough to track down some known associates. Spoof the email as coming from a business partner as the new deck for a side hustle, and the target has been phished. Multiply across every email leaked in recent mega leaks and it's a good thing it was patched!