Welp. I just got an e-mail with the message “you have a confidential message from x from Az Jan-Palfijn”. With a link. That link takes me to this page:
And it says “well, before you can read this super secret message, you have to unlock it.. by sending an e-mail to the .. exact same e-mail address as before”.
Doing that takes you back to your mail, which contains just a temp link to this page again. Then I can read the message (and download it).
It wasn’t confidential in any way: no test results or anything like that. But even if it was, what is the point of this round trip to the same medium? It’s like a very poor implementation of an attempt at 2FA. If they wanted to build in a security layer – I get why they would – they should just have sent me a code by SMS on my phone.
You know, like 2FA..
They have my phone. They send messages to remind you about appointments. This.. I do not get at all.