Email Security Blog

Fresh Phish: PhishPal

Inky Phish Fence works 365/24/7. It never sleeps and never stops, it learns in perpetuity and today’s Catch of the Day is a testament to its robustness... Read on: 

I really dislike using my credit card online, to the point that I will seek other vendors selling the same product when PayPal is an option. In all honesty, I blindly trust PayPal and why not? They process millions of transactions a year and have an impeccable security record. Today, though, Inky’s Catch of the Day has me both scared and comforted. Scared by the brilliant lengths the phisher has gone to try and spoof a PayPal email. 


Fake paypal email-2


Let’s break it down: 

Visuals: they’ve matched PayPal branding to a tee, the layout of the email, the colors and the font all seem completely legitimate. 

The content: The call to action is bold and scary, someone in Providence, UT has been accessing your account. Wherever you are reading this there is a pretty good chance you aren’t in Providence.  

So bold is this phisher, they’ve decided to help you spot. The. Phish. This, for me, is the clincher. After the call to action, they are actually telling you how to report Phish! It’s a clever attempt at deception that aims to further the faux assurance that this email is legitimate  

A truly well-constructed phishing attempt. Note I used the word attempt because as usual, Inky’s Phish Fence caught it. Frankly I’m not sure I would have.  

Inky Phish Fence uses computer vision to recognize a brand forgery attempt and a mix of Artificial Intelligence and Machine Learning to ID the message as highly suspicious.  

Nice try PhishPal, but Inky is throwing you back.