Is it a Phish? June 22 Edition

Ryan PhishAfter a brief hiatus we’re back, and this time we’re bringing out the big guns with one of our enterprise account managers. This week we are putting Ryan Clemency to the test of getting us back to a perfect score, so that one day we may finally hit a perfect streak.

This week Ryan reviewed five different suspicious pieces of content that consisted of both emails and websites. Like you he only had a few moments to decide whether or not the content was suspicious, if he should click on it, or whether to simply mark it as spam. Each of these are real-world examples you’d likely find in your inbox or floating around the web.

Have some good examples of phishing lures, sites, or even suspicious spam emails? Send a screenshot to us on Twitter and we may include it in a future episode.

Is it a Phish?

The Results

Spoilers ahead! Don’t read on if you plan on playing along.

 So how did Ryan do? He had a solid score of 5 – 0!

  1. Spam or promise of someone doing Ryan’s job? Spam! If there is one guaranteed side effect of sending your team to a conference, it is that without a doubt you will get at least one list selling vendor spamming you.
  2. Ray Ban deal… or too good to be true? Well the deal is certainly too good to be true, it’s a bit sketchy, and Ryan knocked this out of the park. Well known brands are often the focus of brand misuse and IP theft, and this is just one of the endless examples.
  3. Bank card or financial theft? Financial theft! Ah, yeah, that is nothing to get excited about, but even though this site is in another language, Ryan was still able to astutely identify that this site is malicious. It’s not secure, the domain is iffy, and that’s all it should take.
  4. PayPal or wire transfer scam? This was a hard one, but Ryan saw right through it. Even though the domain uses HTTP or an SSL cert, the domain itself looks off. This is a particularly nasty phishing example.
  5. Inbox full or stealing personal info? Ah, the good ole Microsoft 365 phishing lure. There are countless of versions of this, and while they are filled with red flags, they lead to a lot of compromised accounts. Ryan noticed that this is filled with typos, strange messaging, comes from an unknown stranger, and didn’t even have to get to the link.


Did you receive a phishing lure or stumble upon a phishing site? Send it to us on Twitter and we can include it in our next edition of Is it a Phish?


*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Elliot Volkman. Read the original post at: