The PhishBowl

Phishing is the top social attack on organizations and the most common cause of data breaches. There is no concrete way to prevent phishing attacks, so awareness and proactive responses by our community will always be our strongest line of defense.

If you receive an email that looks suspicious, refer to this page for recent alerts.

If you receive a suspicious email in your inbox that is not listed here:

  • Do not assume it is safe.
  • Forward it to phishing@shepherdsecurity.net. We will review it before adding it to the threads.
  • We will reach out first before posting and will remove any identifying information to protect your identity.

  • Received a text about unpaid tolls? It’s more than likely a scam

    A few months back I started receiving test about unpaid tolls. I had not been traveling, so I knew right away it was a scam. I started hearing more and more people mentioning it. You may have received a text claiming you owe money for unpaid tolls, be cautious—it’s likely a scam. Scammers are impersonating toll agencies nationwide, sending fraudulent messages demanding payment.

    These scam texts often appear unexpectedly, stating you have outstanding toll charges and must pay immediately. They may include a specific dollar amount and a link directing you to enter your bank or credit card details. However, this is a phishing scam designed to steal your money. Clicking the link could also expose your personal information, such as your driver’s license number, putting you at risk of identity theft. Stay alert and avoid falling for this scam.

    What to do next?

    If you have received this text, or an text like this, these are the best steps to take:

    • Don’t click on any links – Avoid clicking on links or responding to unexpected texts. Scammers try to create a sense of urgency, but take a moment to verify before taking any action.
    • Check to see if the text is legit –  Verify the legitimacy of the text by contacting your state’s tolling agency directly. Use a trusted phone number or website—not the one provided in the message.
    • Report and delete unwanted text messages – Report and then delete suspicious text messages. Use your phone’s “report junk” feature or forward the message to 7726 (SPAM). After reporting, remove the text from your device.

    by John Johnson (Shepherd Security)

    Ԝе’vе kոoԝո еасh οthеr fоr а ԝhіlе, аt lеаѕt Ӏ kոοԝ you.

    This phishing email is known as Sextortion. Sextortion occurs when individuals claim to hold sensitive or revealing information on a target that they will threaten to release unless they receive payment in crypto.

    What to do next?

    If you have received this email, or an email like this, these are the best steps to take:

    • Stop all contact and do not pay the blackmailer or give them more money or intimate content.
    • If you feel like there is any sort of compromise to your account, change your passwords
    • Tell someone you trust, such as a friend, family member, or a Pastor – they can usually help you think clearly and fix things if you’re feeling overwhelmed. You can also contact a 24/7 helpline, where there are people ready to listen and help.
    • If you received an email like this, and you are feeling convicted because you live in a reality that an attacker may have seen you do this, or could have accessed inappropriate photos or videos that you have taken of yourself for a special someone or the content you are viewing is not clean, I want you to know, you do not have to live in shame. We all do stuff, have a past, and can move forward. Jesus loves you and does not want you to live in shame. Please reach out. Our team is willing to pray for you and help you walk through a process to recovery, with no judgment.
    by John Johnson (Shepherd Security)

    You paid to F4 Customs for invoice 000637

    This is a recent PayPal Scam that is going around. The goal is to scare people into rash decisions, calling the phone number to quickly cancel the order. The person on the other side would claim the computer was compromised, and that they needed to install an antivirus to clean it up.

    What to do next?

    If you have received this email, or an email similar to this report it to PayPal.

    To report PayPal phishing attempts:

    • Forward the entire suspicious email to phishing@paypal.com.
    • Do not alter the subject line or forward the message as an attachment.
    • Delete the suspicious email from your account.
    by John Johnson (Shepherd Security)

Copyright ©2025 Shepherd Security LLC
All Rights Reserved

Terms of Use

Privacy Policy

Cookie Policy