Friday Phish Fry

Phishing Email Alerts

Catch of the Day: Scam as a Service Phish
Chef’s Special: Vanishing Act Phish

Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and other reliable sources on the Internet.

You can send phishing samples to me at

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.

Scam-as-a-Service Classiscam Expands Impersonation in Attacks to Include Over 250 Brands

Now entering its third year in business, the phishing platform, Classiscam, represents the highest evolution of an “as a service” cybercrime, aiding more than 1,000 attack groups worldwide.

What do cybercriminals need for a successful attack? A convincing email, a list of potential target email addresses, and a website to extract payment details, bank login credentials, etc. And it’s the last part that’s usually the barrier to market for those that want to get into cybercrime.

But scam-as-a-service platform Classiscam has evolved its operations over the years, according to a new report by cybersecurity vendor Group-IB. It has created a template-based service where attackers can create brand impersonated webpages and support localization to expand attacks globally.

According to Group-IB, 251 unique brands were impersonated in the last two years in a total of 79 countries. Over 38,000 separate cybercrime groups have used this service from 2020 through this year, raking in an estimated $64.5 million to Classiscam during that time.

Used to target EMEA, Latin America, and APAC regions, the potential for this platform to expand operations into North America is high.

The real danger for organizations is the templated phishing sites. By continually monitoring and improving these sites, attackers are more successful. In other words, it becomes more likely that targets will become victims.

All the more reason to prop up your user’s sense of vigilance through continual security awareness training to help make the phishing attacks that precede the Classiscam pages obvious to the user.

Blog post with links:

Vanishing Act: The Secret Weapon Cybercriminals Use in Your Inbox

Researchers at Barracuda describe how attackers use legitimate email inbox rules to control compromised accounts and evade detection.

“In order to create malicious email rules, the attackers need to have compromised a target account, for example, through a successful phishing email or by using stolen credentials seized in an earlier breach,” the researchers write.

“Once the attacker is in control of the victim’s email account — a type of attack known as an account takeover — they can set one or more automated email rules, a simple process that enables the attackers to maintain stealthy, persistent access to the mailbox — something they can use for a whole variety of malicious purposes.”

Inbox rules can be exploited to carry out further social engineering attacks using the compromised accounts. “BEC attacks are all about convincing others that an email has come from a legitimate user, in order to defraud the company and its employees, customers, or partners,” the researchers write.

“Attackers could set a rule that deletes all inbound emails from a certain colleague, such as the Chief Finance Officer (CFO). This allows the attackers to pretend to be the CFO, sending colleagues fake emails to convince them to transfer company funds to a bank account controlled by the attackers.”

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

[CONTINUED] at the KnowBe4 blog:



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.