What is the attack vector here? Does anyone open local files through links out of an email? Does anyone use Windows shortcuts for website? Or is this more confusing on another system?
Oof, I thought you couldn't link to an attachment in an email? Either way, the user will likely be confused by a supposedly.zip file opening a browser window. "Please download the document from our Google Drive [link]" should have the same effect but with fewer red flags.
EDIT: On the other hand, Substack automatically formatting anything.zip as a URL will probably annoy malware researchers :)
What is the attack vector here? Does anyone open local files through links out of an email? Does anyone use Windows shortcuts for website? Or is this more confusing on another system?
I presume it'll be something like "please open the attached payroll.zip file", which of course is a website and not a file.
Oof, I thought you couldn't link to an attachment in an email? Either way, the user will likely be confused by a supposedly.zip file opening a browser window. "Please download the document from our Google Drive [link]" should have the same effect but with fewer red flags.
EDIT: On the other hand, Substack automatically formatting anything.zip as a URL will probably annoy malware researchers :)