Some people can’t dance. Others can’t bake a brownie to save their lives; I fit in that group. And then there are those who can’t write a beliveable PayPal phishing email. Guess which group our phisher belongs to? Exactly.

We have covered some great phishing emails, some terrible ones, and some that are so bad they are good. Today’s example fits neatly in the latter category. First we need to admire it in its glory:

I (at last!) am getting a lot of similar emails recently. Here is one of them. At first, it seems rather harmless: just some company spamming me about some AI course. Try to read it (come on, it is not that long!) and make a point to remember the gist of the email, it’s Subject: and the email address (the From:) of the person sending it.

It has been said before that true classics are timeless and touch everyone regardless of race, colour, or language. I do not think that was originally intended to include phishing emails, but here we are. Every so often a kind soul will contribute with something in a different language, like the email below:

Time for our Black Friday post! We need to be prepared an increase in phishing and other forms of attacks in the period starting on Thanksgiving shopping season and going through Christmas and the New Year. Today’s is one of those I would be watching out for: offering a loan.

Those who know me are aware of my low opinion about tracking links in general and URL shorteners specifically.

You probably have noticed we have not philleting new phishes recently. The reason is really simple: we do not receive many phishing emails, and those who have provided us with some of the previous phishes have not been able to send us more.

The title of this post may be a bit of a misonhonor as any good phishing email needs to have a good clickbait title so the Clueless Phish will look into it. This one was a bit more interesting because of the amount of similarly sounding emails it created and the frequency. Also, its style follows that used by marketing firms. Here is the list at the time this post was written:

I wanted to say this was a slightly more clever than that average phishing email but I can’t. Of the “legal repercussions” style of phishing emails, the FTC voicemail one was better. Still, it deserves to be mentioned. Let’s take a look at it and then tear it apart:

Most of the phishing we have talked about comes by email, but that does not have to be the only way. A more sophisticated phisher knows there are other alternatives, such as the voice mail we previously commented on, and chooses the right attack vector for the right target. Today we will once again step away from emails and talk about one I consider particularly effective: messaging.