2024
Ipad Me a Phish
It has been said before that true classics are timeless and touch everyone regardless of race, colour, or language. I do not think that was originally intended to include phishing emails, but here we are. Every so often a kind soul will contribute with something in a different language, like the email below:
Loan a Phish
Time for our Black Friday post! We need to be prepared for an increase in phishing and other forms of attacks in the period starting with the Thanksgiving shopping season and going through Christmas and the New Year. Today’s is one of those I would be watching out for: offering a loan.
Short Phish
Those who know me are aware of my low opinion about tracking links in general and URL shorteners specifically.
We Need Your Phish!
You probably have noticed we have not been philleting new phishes recently. The reason is really simple: we do not receive many phishing emails, and those who have provided us with some of the previous phishes have not been able to send us more.
Clickbait Phish
The title of this post may be a bit of a misnomer, as any good phishing email needs to have a good clickbait title so the Clueless Phish will look into it. This one was a bit more interesting because of the amount of similarly sounding emails it created and the frequency. Also, its style follows that used by marketing firms. Here is the list at the time this post was written:
Phishing Credit
I wanted to say this was slightly more clever than the average phishing email but I can’t. Of the “legal repercussions” style of phishing emails, the FTC voicemail one was better. Still, it deserves to be mentioned. Let’s take a look at it and then tear it apart:
2023
Messaging Swiss Phish
Most of the phishing we have talked about comes by email, but that does not have to be the only way. A more sophisticated phisher knows there are other alternatives, such as the voice mail we previously commented on, and chooses the right attack vector for the right target. Today we will once again step away from emails and talk about one I consider particularly effective: messaging.
Facebook Phishing
Yet another lazy phisher. The email supposedly pretends to be from Facebook. If you are like me and use a mail app that shows you the header and allows you to see what the links in the email are really linking to, this email is just too obviously phishy. Unfortunately there are mail apps that act like the messaging ones I mentioned before, not letting you find out what the button links to until it is too late. I despise said programs with a passion.
Humanitarian Phish
Another cookie-cutter phishing email. You are probably thinking “man, he is really scraping the bottom of the barrel here.” Yes I am; this site depends on contributions from readers like you!
Talkie Phish
Contrary to popular belief, phishing attacks do not only take place through emails. While that is the cheapest way, especially if trying to reach as many potential victims (the marks) as possible, there are other ways.
Settling Phish
Early this year we commented on the classical phishing email disguised as an invoice, which usually contains a malware-laden attachment. Well, this is a variant of that email:
Confidential Phish
While this is not technically a Nigerian Prince phishing email – its claimed country of origin is two countries south of Nigeria – like the beautiful masterpiece we talked about in a previous post, it is one in spirit. Take a look at the email, posted here in glorious ASCII, and see if you agree with me.
Phishing by Forms
Google/Microsoft Office365 docs, forms included, are a great way to phish someone. You create a document with a macro or just a link, and send it in a way to entice the potential victim. We have talked about using the carrot angle – prizes and free money – and the stick one – fines and receipts for outstanding bills – but how about nothing at all? That is what this phisher is going for: no clever titles or descriptions, and no explanation for why you should fill the form. All it offers is just a request, “I’ve invited you to fill out the following form:”
Return a Phish
At the end of last month I received this uninspiring but not badly put together phishing email. I will start by saying this email is completely not in the same league as the phishing one we covered in the previous post.
We Got a Nigerian Phisher Here!
I guess this is Classic Phish Month, and today we sure have a real classic amongst us. I was going to talk about another, lesser phishing email, but when I found this morning a Nigerian Prince-class email waiting in my mailbox, I knew that it was the one.
A Phisher goes to Venmo
First of all, this is the first phishing email contributed by a viewer like you. Thank you! I can tear down and make fun of a phishing email like the best, but that is hard to do without new material. Don’t be stingy! If you get a phishing email, send it my way and I will promise to fillet it properly.
Not a Phish
We talk a lot about phishing emails. After all, this is what this site is all about (teaching how to recognize and deal with them). Thing is, we receive so many (ok, maybe not me, which is why I keep asking for you to send me some), we may start labelling any suspicious emails as phishing. That would be myopic of me; messages trying to con people, spam included, predate emails. And, spam started to pollute mailboxes everywhere as soon as the internet stopped being the exclusive domain of researchers and started being used by normal people like you and me to share cat pictures and animations of dancing hamsters. It took decades after that before phishing was a thing.
Verify a Phish
This is a plain simple phishing email. No attachments and the link to the site where you are supposed to either give your info to or be compromised, or both, looks rather innocent. Contrary to some previous examples, its simplicity is elegant.
Lawyer Phisher?
The phisher this time is a bit more clever than the average one we have been dealing with recently. Yes, I know it does not take much, but I will take what I can get.
USPS Phisher
I seem to keep being given really bad phishing emails. This one may not be as bad as the last one, but Mr. Clueless Phisher here sure needs to go back to phishing school.
Real State Phish
Some phishing emails are bad, some are really bad, and then some are like watching a train wreck in slow motion level of bad. Guess which group today’s email belongs to?
Bitcoin Phisher
A lot of people think that buying some magic app will block all phishing emails. If you have been following this blog, you know that these programs only get the really badly put together ones. I mean the ones that are as obvious as someone running naked inside the post office with an “arrest me” cape. You really do not need to put too much effort to bypass those tools and their filters; as today’s example will show, you can be pretty lazy and effective.
The Nigerian Prince Likes to Phish
Early this month I received yet another classic phishing email; this time it is a traditional Nigerian Prince one. This style of phishing email is identified by its unique pattern:
Renew a Phish
Today (it is still Friday) I received this rather clever variation of the ol’ invoice phishing email.
Phishy Reward
I was thinking I would need to dig into my old phishing box and see if I could find something that was not too smelly to post today. Fortunately a concerned phisher came to my rescue.
Lazy Phisher
A while ago we praised a phisher who had some pride in his profession. Those are a rare breed; most of them are lazy, unmotivated, non-creative types who only care about meeting their quotas. You probably have met them at work, at the department of motor vehicles, or tax services: they are the type of people who would deflate a balloon by just walking into the room. Unfortunately today’s example belongs to this mediocre majority:
Attach a Phish
One of the classical types of phish is the one which sends an invoice you are not sure why you received. The idea is to make it vague enough that even though you are not sure why you received the invoice, it looks familiar enough to entice you to click on its links or attachments to find more, and refresh your memory. And once you do it, you have been phished.
Did You Order a Phish?
Today’s phishing email is a classic for two reasons:
- It is the ol’ invoice phishing email, showing a bill for a product you or someone at your place of work may have bought. McAfee does sell antivirus software.
- I had saved it in March of last year but only found it today. That does not diminish its relevancy because invoice phishing emails are still popular.
2022
Phisher Pride
We continue our series on phishing emails. I am glad to say a phisher heard my plea and stepped up to the challenge before Black Friday ended!
Season to be Scammed
It is Black Friday! And we are in the Season to be Scammed! A few moments ago (I am typing this as fast as I can) I received the following phishing email
Welcome to Phish Phillet!
We are here to phillet phishers!