Mauricio Tavares (Main Phish)
Mauricio Tavares (Main Phish)
1 min read


  • blog


  • content
  • phish
  • image
  • link

I was thinking I would need to dig into my old phishing box and see if I could find something that was not too smelly to post today. Fortunately a concerned phisher came to my rescue.

Phishing email wants to reward you

Text version:

Date: Feb 23, 2023, 9:33 PM
From: Welcome to the Official Allison Adelle Hedge Coke Website <>
To: Clueless Phish
Subject: Welcome to the Official Allison Adelle Hedge Coke Website Re: 0xkxrl7c

Dear Client,

At CVS, we are constantly trying to improve our service and would like to hear your feedback on how we performed.

The survey is short and will only take 2 minutes to complete.

And Of Course there's a $90 promo reward to you After Finishing

*Take survey*

We appreciate your partnership and collaboration.

What we have here is a phishing email that, in principle, hopes to con greedy phishes into clicking into the survey link in hope of getting a $90 reward. If you read it again, you will realize the reward is not the mythical $90, but the phishing email itself.

Where should I begin?

  • Do you like the Subject: and From: fields? Me too! They were sponsored by cut-n-paste!
  • The email address is also gold: someone hired a cat to create that by walking on a keyboard.
  • The use of uppercase in the email itself is better enjoyed by reading the email aloud and then speaking the uppercase-starting words in your best Captain Kirk voice. Don’t believe me? Read “there’s a $90 promo reward to you After Finishing” like this (the pauses are everything):

there’s a $90 promo reward to you. After. Finishing

  • And Of Course (to quote the email), how did CVS come into this train wreck? Don’t get me wrong: a lot of phishing emails con their way in by acting like they came from a proper (I am using the term loosely here) business. However, we started pretending to be at the “Official Allison Adelle Hedge Coke Website” (that is a mouthfull; say it 3 times fast) and then downgraded into CVS?

Well, I was supposed to talk about what are the clues this is a phishing email, but this one needs to be admired for its artistic and entertainment value. So there. Enjoy it!