Friday, January 20, 2023

Identifying Phishing

Adam Engst:

In the past, many phishing attempts were obviously fake, and intentionally so. That’s because they only had to sucker people who were sufficiently inexperienced, credulous, or easily deceived that they would continue to go along with the scam. Now, however, I’m seeing phishing attempts that are more sophisticated and harder to identify quickly.

I’ve been examining phishing attempts for so long that it’s hard for me to imagine what might fool someone else, so I wanted to share some recent attempts that slipped past Gmail’s filters. For each message, I’ve called out some of the ways I identified it as phishing.

3 Comments RSS · Twitter · Mastodon


It is easy to avoid phishing: hover the mouse arrowhead over the link to check if it points to the trusted URL or not.


Cudos Adam, great phishing eye-opener.

Speaking of phishing, has anyone explored the clickbait dark side of QR codes? QRs springing up everywhere including banks, on TV, crypto, ads.

QR just acts as URL shorteners, but can also send files, sms, urls, text and expose the QR clicker to whatever payload us underneath. QRs can carry worse payload-bombs than URL shorteners.

What's to stop evil-hoodie-guy from making QRs point to spoofed sites that pull 99.9% from the legit site, like a bank, except now load a false login page, key logger or worse payload. What a mess! And Crypto bros use QR everywhere. Lunacy.

(Thanks for years of good reads Adam.)


Del, this is a thing already, with hackers pasting up QR codes that point to fake sites. Our security training just recently warned us against this.

Leave a Comment