Disclaimer

Phish Flash is a security-awareness training simulation. Every example shown here is fictional and inert: there are no working links (every link is disabled), no working forms or inputs, no scripts, and no hosted files or malware.

About the brands shown

Real company and brand names or logos may appear in our scenarios, but only ever as the impersonated target of a fictional attacker — shown so people can learn to recognize real-world impersonation. We never imply, or mean to suggest, that any real company, brand, or domain is itself malicious, compromised, or untrustworthy. Brand names and logos remain the property of their respective owners and are used nominatively, for education and commentary.

About the domains, addresses, and numbers

Every domain, email address, and phone number used by the imaginary attackers in our cards is invented and fictional; any resemblance to a real address or number is unintentional. Real brands appear only as the impersonated victim, never as the owner of the attacker’s infrastructure.

Requests to change or remove

If you represent a company or brand depicted here and feel the portrayal is unfavorable or undesirable in any way, please reach out through our contact page and we will promptly change or remove the reference.

Mis-classified by a scanner?

Because we display realistic (but fake) phishing examples for training, an automated scanner or blocklist may occasionally mis-flag a page. If that happens, email info@phish-flash.com and we’ll help expedite a re-review. See also our security.txt.

Not advice

Nothing here is professional, legal, financial, or security advice, and none of it directs any real-world action. Provided “as is,” with no warranties. See our Terms and Privacy pages.

No cookie banner.  👏  
We don’t track you, and nothing here leaves your device. Your card filter is the only thing saved — and it lives in your browser, not on a server.