Welcome to the ‘Phish Tank!’🪝
In each issue of ‘Phish Tank’, we highlight real phishing attempts that have made their way into our inboxes—so you can see exactly what to watch out for. We’ll break down the red flags in each email and talk about what makes them suspicious. The more tricks you recognize, the less likely you are to get hooked!
This week, we’re looking at a type of phishing email that uses fake e-commerce websites and surveys to make the user feel like they’ve won an exclusive prize. In reality, the only winner is the attacker who has stolen the user’s credit card information.
The email:

What makes it suspicious?
🚩 Unfamiliar Sender (newsletter.pdkeb@roydon.essex.sch.uk) - The sender claims to be State Farm, yet this email comes from an email address not associated with the company.
🚩 Promise of Reward - The message claims you have been “selected as one of the lucky few” to receive a free safety kit, which seems out of the blue. Legitimate companies generally don’t send random prize announcements without any context or prior sign-up.
🚩 Suspicious Links - There is a big “Get It Now!” button prompting you to click and claim a prize. Phishing emails often use enticing buttons or links to direct you to malicious websites. Further, if you hover over the link in the image, you can see that the website is not associated with State Farm.
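The same three red flags can be checked automatically by a mail filter. The sketch below is an added example, not part of the original newsletter or any vendor's tooling; the brand-to-domain allowlist, the sample message body and its link URL are constructed assumptions (only the sender address and the quoted wording come from the email above).

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: allowlist of domains the claimed brand really sends from and links to.
BRAND_DOMAINS = {"state farm": {"statefarm.com"}}
# Reward wording quoted in the newsletter's red-flag list.
REWARD_RE = re.compile(r"lucky few|you have been selected|get it now", re.I)

# Constructed sample: sender address is from the newsletter, the link is a placeholder.
SAMPLE = """\
From: "State Farm" <newsletter.pdkeb@roydon.essex.sch.uk>
Content-Type: text/html

<p>You have been selected as one of the lucky few!</p>
<a href="https://rewards.example.net/claim">Get It Now!</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domains(host, domains):
    # Exact match or true subdomain only, so "statefarm.com.evil.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()  # single-part message, so this is a str
    links = LinkCollector()
    links.feed(body)
    urls = [u for u in map(urlsplit, links.hrefs) if u.scheme in ("http", "https")]
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower():  # message claims to be this brand
            if not in_domains(addr.rpartition("@")[2], domains):
                flags.append("unfamiliar_sender")
            if any(not in_domains(u.hostname, domains) for u in urls):
                flags.append("suspicious_link")
    if REWARD_RE.search(body):
        flags.append("promise_of_reward")
    return flags
```

A hit on any one flag is a reason to look closer, not proof of phishing; legitimate mail sent through third-party mailing services can trip the sender and link checks.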
Attack Deep-Dive: FoxWhoops
The email is part of a newer phishing scheme called “FoxWhoops.” The emails target American customers with fake e-commerce sites promising a reward for completing a survey.
The attack utilizes a series of checks, sending users who fail them to a Fox News RSS page or a page with a ‘Whoops!’ image, hence the name FoxWhoops!
Those who pass the checks are prompted to enter their credit card details for a chance to purchase the ‘reward’ at a discounted price—unaware that they’re actually handing their sensitive information directly to the attackers!
What do I do if I receive an email like this?
If you receive an email similar to one in our Phish Tank series, please report it using the Phish Alert Button (PAB) in your email client. Your email may even get featured in this newsletter!
For detailed instructions on how to report an email with the PAB, please refer to the following resources: