Friday Phish Fry

Phishing Email Alerts

Catch of the Day:  Truist Alert Phish
Chef’s Special: AMEX Unauthorized Charge Phish
Also serving: Verizon Report Phish

Examples of clever phish that made it past my anti-spam nets and into my inbox. Some are contributed by clients or readers like you, and other reliable sources on the Internet.

You can send phishing samples to me at

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.

VIRUS SUSPECTED: “Truist Alert” Phish

This email was blocked by my email host’s anti-malware detection system.

Truist is the name of a legitimate bank, but not one I would be using personally, so the email would have set off my phishing radar.  I really love the sender’s email address: <service@Prevent-Security.Com>.  Maybe a little too much honesty here – “prevent security.”

When I get these notices, the offending email is gone, so there is not a lot I can find  out about this exploit.  But here is an image of the email

Amex Phish

This phishing email arrived on January 9.  I started my investigation on January 11.  Most of the interesting bits have been replaced with security warnings, which is a good thing.  I don’t have an American Express card, so again, easy for me to avoid this one.  the sender email address <> is very obviously not an AMEX email domain.  The Just log in to your account online here is a little off-syntax.  The link resolves to this tinyURL, which redirects to  This also looks like the website has been hijacked by the attackers.  Here are a couple images:

The phishing email

The landing page has been replaced by this warning page

Red Flags for Phishing: Verizon Outlines Latest Scams to Watch Out For

Verizon has published an article outlining various forms of social engineering attacks, including SMS/text messaging phishing (smishing), voice phishing (vishing), and spear phishing (targeted attacks, often via email).

Verizon warns users to be on the lookout for the following red flags:

  • “Scare tactics and urgent messages or subject lines. The ‘URGENT: Payment overdue’ subject line mentioned earlier is an example—bad actors want you to think that there’s some kind of problem with your account that needs immediate attention. Vishing attacks might say that they’ve identified fraud on your credit card or that you’re in trouble with the IRS.”
  • “Unprompted calls from ‘customer service.’ Beware of unsolicited calls from ‘customer care agents,’ or from a ‘billing’ or ‘fraud’ department, that ask you for help to access your account or to provide them with sensitive account information. If you’re at all suspicious, hang up and then call the publicly listed customer care number of the company in question (not the number given by the caller) to report the incident. Note: Verizon will never proactively contact a customer asking for sensitive information such as a password or account PIN to perform authentication.”
  • “Lookalike or misspelled web or email addresses. A lookalike URL in a link or a misspelled email address is a sure sign of trouble. Remember, you can hover your cursor over a link without clicking to see the actual URL in the link. One example given by a misspelled link using ‘bankofarnerica[.]com’ that could look correct at a quick glance; clicking such a link could take you to a malicious site.”
  • “Suspicious attachments. Any unsolicited email attachment should be viewed as a warning sign. If the email is from an unknown sender, you didn’t ask for the attachment or the attachment doesn’t make sense in the context of the message, don’t open the file.”

Verizon concludes, “Remember, phishing is common and perpetrators are hoping to catch you with your guard down. But most companies will never proactively reach out to you. And Verizon will never proactively contact a customer asking for sensitive information such as a password, account PIN or to perform authentication.

So keep it simple: Trust your gut. When in doubt, hang up, delete the message, and contact the respective company directly.”

Blog post with links:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.