Friday Phish Fry

Phishing Email Alerts

Catch of the Day:  Survey Phish

Chef’s Special:  Ice Phish

Examples of clever phish that made it past my spam filters and into my Inbox, or from clients, or reliable sources on the Internet.

I would be delighted to accept suspicious phishing examples from you.  Please forward your email to

My intention is to provide a warning, examples of current phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your own inbox.  If the pictures are too small or extend off the page, double-clicking on them will open them up in a photo viewer app.

33rd Anniversary of the World Wide Web (WWW) Protocol

Tim Berners-Lee’s 9 Principles for the Internet
Tim Berners-Lee, the man who gave us the World Wide Web protocol in 1989, and turned the Arpanet into a global communications network of unprecedented scale, is worried about the health of the Internet. Governments are using the Internet for mass surveillance, and big Internet companies and merchant…

Survey Phish

This phishing email suggests that I have been “picked” for some reason and have a “reward” waiting for me.  All I have to do it is to take a survey

Unfortunately, the survey page seems to be missing

VirusTotal would suggest this is a phishing scam, which is why it is included here.

Usually, after you complete what are typically longer surveys that harvest  ALL of your private information, the only thing you will is a boatload of new spamming emails.  The only thing people want too give you for “free” is trouble.

There Is A Whole New Type of Blockchain Scam Called “Ice Phishing”

In a post Wednesday last week, Microsoft issued a warning that they are seeing a brand-new type of blockchain-centric attack aimed at web3 — a term used to describe the decentralized environment created on the blockchain.

The post by the Microsoft 365 Defender Research Team analyzed the recent Badger DAO attack, which stole more than $120 million from blockchain users November and December last year.

They warned that these attacks are on the rise: “There are multiple types of phishing attacks in the web3 world,” wrote Christian Seifert, member of the Microsoft 365 Defender Research Team. “The technology is still nascent, and new types of attacks may emerge.”

Ice fishing involves cutting a hole in a frozen body of water in order to catch fish. Ice phishing, as the Defender team has coined it, uses social engineering to trick a user into signing a transaction that delegates approval of the user’s tokens to the attacker, it doesn’t involve stealing one’s private keys.

“The attack corrupts a common type of transaction that enables interactions with DeFi smart contracts, as those are used to interact with the user’s tokens (e.g., swaps)… In an ‘ice phishing’ attack, the attacker merely needs to modify the spender address to the attacker’s address.”

“This can be quite effective as the user interface doesn’t show all pertinent information that can indicate that the transaction has been tampered with. Once the approval transaction has been signed, submitted, and mined, the spender can access the funds.”

“In case of an ‘ice phishing’ attack, the attacker can accumulate approvals over a period of time and then drain all victim’s wallets quickly.” This is the original post by Redmond, and it’s quite interesting reading!”

Blog post with links:

When the Phishers Want a Reply, Not a Click

A sextortion phishing campaign is targeting French speakers accusing them of viewing child abuse content, according to Paul Ducklin at Naked Security. The emails purport to come from the French police and are designed to frighten users into replying to the email to assert their innocence.

After a user replies, the scammer will attempt to convince them to pay a bogus fine to have the matter dropped. Ducklin offers the following advice to help people avoid falling for these scams.

  • “How likely does the message really seem? The sender of this email was given as Jean-Luc Godard, who in real life is a world-famous left-wing French filmmaker now in his 90s. The investigating officer you are told to email directly is Frédéric Veaux, the Director General of the French Police. If you were being charged, you would have to be formally accused by name, not simply sent an email starting simply Monsieur/Madame.” (Interestingly, the subject line said Mr/Mme, mixing up English and French in an obvious mistake.)
  • “If in doubt, don’t give it out. If this were a genuine criminal investigation, you would not be invited to submit evidence in mitigation informally via email. That would be insecure both for you and the police and would almost certainly be useless in court anyway.”
  • “Don’t be afraid to check with a trusted source. If this email were genuine, and there really were police charges against you, then emailing back information of your own to defend yourself against as-yet unspecified, unknown claims against you would be a very bad idea. The police themselves would not ask you to do that, which makes it obvious that this email doesn’t come from the police in the first place.”

It’s not just France, either. We’ve seen an email from the Grand Ducal Police of Luxembourg, also in French, and better French than one usually sees. No one was named in the letter beyond “Madame/Monsieur,” but at least the hoods got rid of that “Mr.” Needless to say, it’s still not very plausible. Next time they may try Andorra, or Monaco, or the Sûreté du Québec.

New-school security awareness training can teach your employees to follow security best practices so they can thwart phishing attacks.

Blog post with links:

A New Phishing Attack Warns About a Suspicious Russian Login

The human cost of war is horrific. All Knowsters are shocked and saddened by the all-out Russia-Ukraine land war. However, we are also inspired by the Ukrainian people for their bravery, resistance and resilience. As we all know, the price of freedom is eternal vigilance combined with the willingness to fight back.

I have spoken about Putin here many times, and I’m encouraged to see a robust global coordination to tackle this outrage. Planet Earth is an “anarchy of nations” – conflicting ideologies battle each other, and geopolitical risk can quickly become a high-priority security threat.

And then there are the low-lifes that exploit tragedies like this.

Researchers at Malwarebytes warn that a phishing campaign is informing users that someone logged into their account from an IP address in Moscow. The email contains a button to report the issue, which “opens a fresh email with a pre-filled message to be sent to a specific email account.” If a user sends this email, the attacker will reply and attempt to rope them further into the scam.

The researchers note that while the timing may be coincidental, users will probably be more inclined to respond to the emails given the current situation with Russia and Ukraine.

“We have to be very clear here that anybody could have put this mail together, and may well not have anything to do with Russia directly,” the researchers write. “This is the kind of thing anyone anywhere can piece together in ten minutes flat, and mails of this nature have been bouncing around for years. But, given current world events, seeing ‘unusual sign-in activity from Russia’ is going to make most people do a double, and it’s perfect spam bait material for that very reason.”

Malwarebytes explains that this is a common but effective technique used in phishing attacks.

“Trying to panic people into hitting a button or click a link is an ancient social engineering tactic, but it sticks around because it works,” they write. “We’ve likely all received a ‘bank details invalid,’ or ‘mysterious payment rejected’ message at one point or another.”

“Depending on personal circumstance and/or what’s happening in the world at any given moment, one person’s ‘big deal’ is another one’s ‘oh no, my stuff,’” the researchers write. “That’s all it may take for some folks to lose their login, and this mail is perhaps more salient than most for the time being.”

Note how topical scams can be. Criminals and spymasters watch the news and cut their phishbait to fit current events. New-school security awareness training enables your employees a healthy sense of skepticism so they can avoid falling for social engineering attacks.

Blog post with links:

Phishing e-mails are more prevalent (and dangerous) than ever

Since Russia’s invasion of Ukraine began we’ve seen an eight-fold increase in phishing spam. Here are the 6 most common scams to watch out for.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.