Short Phish

Those who know me are aware of my low opinion about tracking links in general and URL shorteners specifically.

3 min read

We Need Your Phish!

You probably have noticed we have not philleting new phishes recently. The reason is really simple: we do not receive many phishing emails, and those who have provided us with some of the previous phishes have not been able to send us more.

~1 min read

Clickbait Phish

The title of this post may be a bit of a misonhonor as any good phishing email needs to have a good clickbait title so the Clueless Phish will look into it. This one was a bit more interesting because of the amount of similarly sounding emails it created and the frequency. Also, its style follows that used by marketing firms. Here is the list at the time this post was written:

3 min read

Phishing Credit

I wanted to say this was a slightly more clever than that average phishing email but I can’t. Of the “legal repercussions” style of phishing emails, the FTC voicemail one was better. Still, it deserves to be mentioned. Let’s take a look at it and then tear it apart:

1 min read

Messaging Swiss Phish

Most of the phishing we have talked about comes by email, but that does not have to be the only way. A more sophisticated phisher knows there are other alternatives, such as the voice mail we previously commented on, and chooses the right attack vector for the right target. Today we will once again step away from emails and talk about one I consider particularly effective: messaging.

3 min read

Facebook Phishing

Yet another lazy phisher. The email supposedly pretends to be from facebook. If you are like me and use a mail app that shows you the header and allows you to see what the links in the email are really linking to, this email is just too obviously phishy. Unfortunately there are mail apps that act like the messaging ones I mentioned before, not letting you find out what the button links to until it is too late. I despise said programs with passion.

3 min read

Humanitarian Phish

Another cookier cutter phishing email. You are probably thinking “man, he is really scrapping the bottom of the barrel here.” Yes I am; this site depends on contributions from readers like you!

1 min read

Talkie Phish

Contrary to popular belief, phishing attacks do not only take place through emails. While that is the cheapest way, specially if trying to reach as many potential victims (the marks) as possible, there are other ways.

3 min read

Settling Phish

Early this year we commented on the classical phishing email disguised as an invoice, which usually contains a malware-laden attachment. Well, this is a variant of that email:

2 min read

Confidential Phish

While this is not technically a Nigerian Prince phishing email – its claimed country of origin is two countries South of Nigeria – like the beautiful masterpiece we talked about in a previous post, it is one in spirit. Take a look at the email, posted here in glorious ASCII, and see if you agree with me.