I don't know the gullibility of the average tech CEO but this doesn't strike me as a very convincing phishing attempt.

* "We've received reports about the latest content" - weird copy
* "which doesn't meet X Terms of Service" - bad grammar lol
* "Important:Simply ..." - no spacing lol
* "Simply removing the content from your page doesn't help your case" - weird tone
* "We've opened a support portal for you " - weird copy

There should be so many red flags here if you're a native English speaker. There are some UX red flags as well, but I admit those are much less noticeable.

* Weird and inconsistent font size/weight
* Massive border radius on the Twitter card image (lol)
* Gap sizes are weird/small
* Weird CTA

The whole theory of phishing, and especially targeted phishing, is to present a scenario that tricks the user into ignoring the red flags. Usually, this is an urgent call to action that something negative will happen, coupled with a tie-in to something that seems legit. In this case, it was referencing a real post that the company had made.
A parallel example is when parents get phone calls saying "hey it's your kid, I took a surprise trip to a tiny island nation and I've been kidnapped, I need you to wire $1000 immediately or they're going to kill me". That interaction is full of red flags, but the psychological hit is massive and people pay out all the time.