Phishing Email Examples

Learn to spot and avoid phishing scams

Phishing emails are designed to trick you into revealing personal information, clicking malicious links, or downloading malware. This guide shows you real examples of phishing emails and teaches you exactly what red flags to look for.

What is Phishing?

Phishing is a type of cyber attack where criminals impersonate legitimate organizations to steal your personal information, login credentials, or money. These attacks most commonly come through email, but can also occur via text message (smishing), phone calls (vishing), or social media.

🎯 The Goal

Steal login credentials, financial information, install malware, or trick you into sending money.

🎭 The Method

Impersonate trusted entities like banks, social media, employers, or government agencies.

📊 The Scale

Over 3.4 billion phishing emails are sent daily. 1 in 5 employees will click a phishing link.

Real Phishing Email Examples

Below are examples of common phishing email types. Each example highlights the specific red flags that identify it as a scam.

Bank Account Verification Scam

Subject: Urgent: Your Account Has Been Locked!
Dear Valued Customer,
We have detected unusual activity on your account and have temporarily locked it for your protection.
To restore access, click the link below and verify your identity:
[VERIFY NOW - Account Will Be Permanently Closed in 24 Hours]
If you do not verify your information within 24 hours, your account will be permanently closed.
Security Team
Bank of America

Red Flags to Notice:

  • Domain is fake (bankofamerica-secure.com is not official)
  • Creates urgency to bypass critical thinking
  • Generic greeting "Dear Valued Customer"
  • Threatens account suspension

Fake Invoice / Payment Scam

Subject: Your Microsoft 365 subscription payment failed
Hello,
Your Microsoft 365 subscription payment was declined by your bank.
To avoid service interruption, please update your payment information immediately:
[Update Payment Method]
Your subscription will be cancelled if payment is not received within 48 hours.
Microsoft 365 Billing Team

Red Flags to Notice:

  • Domain mimics but doesn't match official Microsoft
  • Creates anxiety about losing service
  • Link likely leads to fake payment page
  • Pressure to act quickly

Prize / Lottery Scam

Subject: Congratulations! You won a $1000 Amazon Gift Card!
CONGRATULATIONS!
You have been randomly selected to receive a $1000 Amazon Gift Card!
This exclusive offer is available for a limited time only. To claim your prize, click below:
[CLAIM YOUR PRIZE NOW]
You will need to provide your shipping address and verify your phone number.
Offer expires in 2 hours!
Amazon Rewards Team

Red Flags to Notice:

  • Too good to be true - you didn't enter any contest
  • Suspicious domain
  • Requires personal information to claim
  • Classic advance-fee fraud setup

CEO / Business Email Compromise

Subject: Urgent: Wire Transfer Needed Today
Hi [Employee Name],
I need you to handle a confidential matter immediately. I'm in meetings all day and need a wire transfer processed by end of business.
Amount: $45,000
Destination: [Bank Details]
Please keep this confidential until it's processed. I'll explain when I'm back in the office.
Reply to confirm you've started the process.
John
CEO

Red Flags to Notice:

  • Spoofed executive email address
  • High urgency, bypassing normal procedures
  • Requests unusual financial action
  • Asks to keep it confidential

Phishing Red Flags Checklist

Before trusting any email, check for these warning signs. Multiple red flags = high risk of phishing.

📧 Sender email doesn't match official domain
⚠️ Urgent or threatening language ("Act now!", "Your account will be closed")
👤 Generic greeting ("Dear Customer" instead of your name)
📝 Spelling and grammar errors
🔗 Links that don't match the official website when hovered
🔐 Requests for passwords, SSN, or financial information
📎 Unexpected attachments (especially .exe, .zip, .docm)
🎁 Too good to be true offers (prizes you didn't enter)
Pressure to bypass normal procedures
🤫 Requests for secrecy ("Don't tell anyone")

How to Verify Suspicious Emails

1. Check the Sender Address

Look carefully at the email domain. [email protected] is legitimate, but [email protected] is not. Attackers often register similar-looking domains.

2. Hover Over Links (Don't Click!)

Hover your mouse over any link to see the actual destination URL. If the displayed text says "amazon.com" but the actual link goes somewhere else, it's phishing.

3. Contact the Company Directly

If an email claims there's an issue with your account, go to the company's official website by typing the address yourself (not through the email link) or call their official phone number.

4. Check for HTTPS (But Don't Trust It Blindly)

Legitimate sites use HTTPS, but so do phishing sites. A lock icon means the connection is encrypted, not that the site is trustworthy. Always verify the exact domain name.

5. Trust Your Instincts

If something feels wrong, it probably is. Urgency, pressure, and requests for sensitive information should all raise suspicion. When in doubt, don't click.
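
The sender-address and link-hover checks above can also be run mechanically, for example by a mail filter or a triage script. The following is an added example, not part of the original guide: it parses a raw message, compares the sender domain with a caller-supplied set of official domains, and compares each link's visible text with its real destination. The function names, the flag wording and the sample message are assumptions made for illustration, and the message is assumed to be single-part.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours|permanently closed)\b", re.I)
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Constructed sample modelled on the bank example; .example is a reserved TLD.
SAMPLE = """From: Security Team <security@bankofamerica-secure.example>
Subject: Urgent: Your Account Has Been Locked!

<p>Verify at <a href="http://bankofamerica-secure.example/v">www.bankofamerica.com</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def in_domain(host, official):  # exact match or subdomain, never substring
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in official)

def red_flags(raw_email, official):
    """Return checklist items triggered by a single-part email (assumption)."""
    msg = message_from_string(raw_email)
    body, flags = msg.get_payload(), []
    if not in_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2], official):
        flags.append("sender domain not official")
    if URGENCY.search(f"{msg.get('Subject', '')} {body}"):
        flags.append("urgent or threatening language")
    links = LinkCollector()
    links.feed(body)
    for text, href in links.links:
        m = DOMAIN.search(text)
        claimed = {m.group(0).lower().removeprefix("www.")} if m else official
        if not in_domain(urlparse(href).hostname, claimed):
            flags.append("link destination does not match")
    return flags
```

Calling `red_flags(SAMPLE, {"bankofamerica.com"})` returns all three flags. The domain comparison is an exact or subdomain match, so a lookalike that merely contains the official name still fails the check.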

What To Do If You Clicked a Phishing Link

If you clicked on a phishing link or provided information, act quickly to minimize damage:

Immediate Actions

  • Don't enter any information - close the page immediately
  • Change your password for that account immediately
  • Enable 2FA if you haven't already
  • Run a virus scan on your device

Follow-Up Steps

  • Monitor your accounts for suspicious activity
  • Contact your bank if financial info was shared
  • Report the phishing to the impersonated company
  • Forward to [email protected]

Frequently Asked Questions

What is a phishing email?
A phishing email is a fraudulent message designed to trick you into revealing personal information, clicking malicious links, or downloading harmful attachments. Attackers impersonate trusted organizations like banks, social media companies, or government agencies to gain your trust. The goal is usually to steal login credentials, financial information, or install malware on your device.

How can I tell if an email is phishing?
Check for these warning signs: sender email address doesn't match the company (like [email protected]), urgent or threatening language pressuring you to act immediately, generic greetings like "Dear Customer" instead of your name, spelling and grammar errors, links that don't match the official website when you hover over them, requests for sensitive information like passwords or Social Security numbers, and unexpected attachments.

What should I do if I clicked on a phishing link?
Act immediately: 1) Don't enter any information on the page. 2) If you entered credentials, change that password immediately and enable 2FA. 3) Run a virus scan on your device. 4) Monitor your accounts for suspicious activity. 5) Report the phishing attempt to the impersonated company and forward it to [email protected]. 6) If financial information was shared, contact your bank.

Can phishing emails look exactly like real emails?
Yes, sophisticated phishing attacks can closely mimic legitimate emails, using company logos, professional formatting, and convincing language. This is why you should never trust an email based on appearance alone. Always verify requests through official channels - call the company directly using a number from their official website, not from the email.

What is spear phishing?
Spear phishing is a targeted attack aimed at a specific individual or organization. Unlike generic phishing emails sent to thousands of people, spear phishing uses personal information (your name, job title, relationships) to appear more legitimate. These attacks are harder to detect because they reference real details about your life. CEO fraud and business email compromise are common spear phishing tactics.

How do I report phishing emails?
Report phishing through multiple channels: Forward the email to [email protected] (Anti-Phishing Working Group). Report to the impersonated company through their official website. In Gmail, click the three dots and select "Report phishing." In Outlook, use the Report Message button to flag as phishing. You can also report to the FTC at reportfraud.ftc.gov.
