A Phisher goes to Venmo

First of all, this is the first phishing email contributed by a viewer like you. Thank you! I can tear down and make fun of a phishing email like the best, but that is hard to do without new material. Don’t be stingy! If you get a phishing email, send it my way and I will promise to fillet it properly.

Today’s phisher is trying hard to put together a reinterpretation of the classic “I have free money for you but you need to provide me some info so I can steal your identity and/or bank account in the process” which had first gained notoriety in its Nigerian Prince Scam version. This kind of email has a time-tested format, which our aspiring phisher decided to ignore thinking he could do better.

Well, sunshine, you didn’t. Let’s examine the email:

From: Venmo <venmopayunit123@gmail.com>
To: Clueless Phish
Date: Fri, Jul 7, 2023, 12:28 PM
Subject: A NEW PAYMENT IS PENDING !!

Sandra Paid You $400.00 USD
Transfer Date And Amount:

July 07 2023 PDT · public

+ $400.00 USD 

 +Transaction Fee: ($0.00)

INCOMING PAYMENT IS UNDER REVIEW!


We have a problem crediting your funds ($400.00 USD) because your account is not a business profile user which makes your account have limit. This amount seems to be above your limit so you have to take this urgent step to expand your limit.

HOW DO I EXPAND MY ACCOUNT-ACTION NEEDED:

 To expand your account into a business account, contact your buyer to send in an additional payment of $200.00 USD into your account to expand your credit limit. Soon as this is done we’ll get the whole amount of $600.00 USD reflected immediately once the additional payment has been secured back to the buyer. 


IMPORTANT NOTE:


An alert has been to your buyer in regards to the $200.00 USD to send, we’ll secure this transaction with high priority that neither the buyer nor the seller will lose a dime in this transaction.

Note: We want you to know that all this has been recorded
on our database system and the money can not be refunded back. 
Be rest assured as we have everything under control and we hereby
 apologize for any inconvenience this might have caused you

Venmo, PayPal, Apple pay, and Cash App are some of the money transfer sites that have become very popular. Their convenience comes with a price: transactions made with them are hard to revert. And this is why fake sites have popped up that offer products at enticing prices but want to be paid using these methods. Clueless person gives them money, never received product, and has no way to get the money back. So, in principle our phisher was clever, but as we mentioned before, he just could not follow the phishing rules.

How to know it is a phishing email

• That trademark of scam messages, be them phishing or fake job offers or whatever, the notorious kindly is not here. But, fear not, it makes up for interesting grammar. Which one is your favourite? Mine is Be rest assured.

• I do not know about you but I think Venmo would not be using a gmail account, venmopayunit123@gmail.com. They are big enough to have a proper mail system.

• OH ALL THAT UPPERCASE IS BLEEDING MY EYES!!! Do I have to say anything more? Yes, I know some honest companies may use that in their email marketing campaigns, but that is annoying. In fact, any email using that I receive goes straight into the trash bin. So, Mr. Phisher, you are not helping your cause.

• Hey Phisher Guy! I know you are trying to come up with a description that makes your email not too obvious, but this $400 to $600 with $200 scheme is convoluted. Just stop. The format is “Hey, we have X money waiting for you, but you need to go to this site and give us info to get it. And you have a deadline.” It is that simple, and it still works. People fall for it every day (we hope this site is making a dent in that number, but I digress), so don’t complicate things, will you?

Why is the picture of the phishing email all the way on the bottom?

Have you seen how long it is? For some reason they formatted it so, like some websites I will not mention, cannot adjust itself if you widen the browser window. Maybe they were trying to make a homage to the longcat, but this would take too much real state on the top of this blog entry.