Friday Phish Fry

Phishing Email Alerts

Catch of the Day: Job Offer Phish
Chef’s Special: Bank Impersonation Phish

Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and other reliable sources on the Internet.

You can send phishing samples to me at

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.

Phishing Attacks Impersonating Famous Korean Banking Apps

The ASEC analysis team recently identified that multiple malicious domains targeting normal websites of the financial sector had been created.From early November, we detected multiple distribution cases of phishing emails impersonating Naver Help. Through these, we had been monitoring the malicious URL that was included in these emails.
The sender’s username was ‘Naver Center’ and the emails had a variety of topics to deceive users, including notifications for changes to contact details, creation of a new one-time password, login from unfamiliar locations, full mail storage, and blocked access attempts.This could easily be adapted to banks in the US.  More…

Meddler-in-the-Middle Phishing Attacks Explained

We’ve probably all received advice for how to avoid phishing, such as to be on the lookout for spelling errors or other mistakes that would alert us to the presence of fraudsters. However, this advice is only helpful for traditional phishing techniques. Meddler in the Middle (MitM) phishing attacks show how threat actors find ways to get around traditional defenses and advice.

MitM phishing attacks are a state-of-the-art type of phishing attack capable of breaking two-factor authentication (2FA) while avoiding many content-based phishing detection engines. Rather than showing a spoofed version of a target login page, a MitM attack uses a reverse-proxy server to relay the original login page directly to the user’s browser.

As of November 2022, several phishing attacks have used MitM tactics to compromise business email accounts and to successfully steal organizations’ confidential information. There are several popular MitM phishing toolkits that make it easy for hackers to launch their own MitM phishing attacks in just a few clicks.

These toolkits are continually expanding their sets of features while simultaneously becoming more intuitive and easy to use. Many already employ sophisticated cloaking techniques, allowing them to evade detection by traditional phishing detection systems. As such, we expect that the prevalence of these MitM phishing attacks will continue to rise in the near future.   More…

“How I Lost My Dog and Almost My Google Credentials…”

A well-trained Knowster posted: “I lost my dog this weekend and my mother in law was trying to be helpful and put my real phone number on a few social media posts she made. Now I’m getting these kinds of texts and it’s heartbreaking to think someone else may have fallen for this! A quick Google search let me know exactly what this guy really wanted.”

The full post on KnowBe4 was written by ChatGPT and is worth a look just for that reason.

Here are three screenshots that show 1) bad actor sets the hook 2) Sends the verification code, and 3) This is how the scam works.

Warn your family and friends against this devilish scam.

Social Engineering, Money Mules, and Job Seekers

Bob says: I received an employment offer scam like this one and reported it on this blog

A small town in Manitoba, WestLake-Gladstone (population about 3300), fell victim to a social engineering campaign. The municipal government seems to have been a target of opportunity, but it lost some $433 thousand to scammers.

The scam began with a gig economy job offer. “A seemingly legitimate company, with a professional website and a Nova Scotia address, claimed it was looking for cash processors. The contract was for one month. Employees could work from home,” the CBS explained. “They were told they would receive payments to their credit cards, which they would be expected to move to their bank accounts. They would then withdraw the payments, convert them into bitcoin, and send that to another account.”

All a prospective “cash processor” needed to qualify were a phone, Internet access, and familiarity with online banking. Also, they would need “proximity to a bitcoin machine.” If the aspiring cash processors did an Internet search for their prospective employer, they would “find a professional website, with information matching what was provided in the employment agreement.” And it came with a Nova Scotia address, just to lend verisimilitude to the scam.

The offer itself was phishing, and eventually someone in Westlake-Gladstone followed a malicious link that enabled the crooks to gain access to the municipal bank accounts. The local government noticed something was amiss when they saw withdrawals, each one less than $10 thousand, being made with money sent to unfamiliar destinations.





About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.