Friday Phish Fry

Phishing Email Alerts

Catch of the Day: AI Vishing Phish

Examples of clever phish that made it past my anti-spam nets and into my inbox. Some are contributed by clients or readers like you, and other reliable sources on the Internet.

You can send phishing samples to me at

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.

AI-Driven Voice Cloning Tech Used in Vishing Campaigns

This is something you could share with your users. The Better Business Bureau (BBB) is generally seen as a credible source for scams.

Scammers are using AI technology to assist in voice phishing (vishing) campaigns, the BBB warns.

Generative AI tools can now be used to create convincing imitations of people’s voices based on very small audio samples. “At work, you get a voicemail from your boss,” the BBB says. “They instruct you to wire thousands of dollars to a vendor for a rush project. The request is out of the blue. But it’s the boss’s orders, so you make the transfer.

“A few hours later, you see your boss and confirm that you sent the payment. But there’s one big problem; your manager has no idea what you are talking about!

“It turns out that the message was fake. At home, you may receive a phone call or voicemail from a family member in an urgent situation like an accident or a medical emergency. They provide convincing details and ask for money immediately via a digital wallet payment app like Venmo or PayPal.

“You find out later that the story wasn’t true, and your money is gone.” The BBB offers the following recommendations to help users avoid falling for these types of scams:

  • “Resist the urge to act immediately. No matter how convincing a phone call or voicemail may sound, hang up or close the message if something doesn’t feel right. Call the person who claimed to have called you directly with the phone number you have saved for them. Don’t call back the number provided by the caller or caller ID. Ask questions that would be hard for an impostor to answer correctly.
  • Don’t send money if you’re in doubt. If the caller urgently asks you to send money via a digital wallet payment app or a gift card, that may be a red flag for a scam. If you wire money to someone and later realize it’s a fraud, the police must be alerted.
  • Secure your accounts: Whether at work or home, set up multi-factor authentication for email logins and other changes in email settings. At work, verify changes in information about customers, employees, or vendors.
  • At work, train your staff: Create a secure culture at your office by training employees in internet security. Make it a policy to confirm all change and payment requests before transferring. Don’t rely on email or voicemail.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.