You all know I like to show appreciation for those who can put together a good phishing email/text/call/whatever. As this example will show, you do not need to make it fancy to work; a short clever one will do just fine! Now, it is in Spanish, but who cares? We’ve had them in German before, and I need to put up the ones people sent me that were in French and Russian. But, I am getting ahead of myself: let’s admire today’s phishing email (apologies for removing the accents but I have not figured out yet how to preserve them without getting utf8 error messages):

Some people can’t dance. Others can’t bake, from pasta to a brownie, to save their lives. I fit neatly in that second group. And then there are those who can’t write a beliveable PayPal phishing email. Guess which group our phisher belongs to? Exactly.

We have covered some great phishing emails, some terrible ones, and some that are so bad they are good. Today’s example fits neatly in the latter category. First we need to admire it in its glory:

I (at last!) am getting a lot of similar emails recently. Here is one of them. At first, it seems rather harmless: just some company spamming me about some AI course. Try to read it (come on, it is not that long!) and make a point to remember the gist of the email, it’s Subject: and the email address (the From:) of the person sending it.

It has been said before that true classics are timeless and touch everyone regardless of race, colour, or language. I do not think that was originally intended to include phishing emails, but here we are. Every so often a kind soul will contribute with something in a different language, like the email below:

Time for our Black Friday post! We need to be prepared an increase in phishing and other forms of attacks in the period starting on Thanksgiving shopping season and going through Christmas and the New Year. Today’s is one of those I would be watching out for: offering a loan.

Those who know me are aware of my low opinion about tracking links in general and URL shorteners specifically.

You probably have noticed we have not philleting new phishes recently. The reason is really simple: we do not receive many phishing emails, and those who have provided us with some of the previous phishes have not been able to send us more.

The title of this post may be a bit of a misonhonor as any good phishing email needs to have a good clickbait title so the Clueless Phish will look into it. This one was a bit more interesting because of the amount of similarly sounding emails it created and the frequency. Also, its style follows that used by marketing firms. Here is the list at the time this post was written:

I wanted to say this was a slightly more clever than that average phishing email but I can’t. Of the “legal repercussions” style of phishing emails, the FTC voicemail one was better. Still, it deserves to be mentioned. Let’s take a look at it and then tear it apart: