Phishing is an art form where attackers must put themselves in their victim's shoes and try to see the world from their perspective.
Everything about the phishing email needs to be designed in a way where it both catches the eye of a victim and convinces them to take action, but without them scratching beneath the surface and analyzing the email in too much detail, because that's where the cracks in the facade appear.
To show just how effective, enticing, and convincing phishing can be, we've collated 12 of the most dangerous simulated phishing email examples used across the CanIPhish customer base in 2023.
But before we delve into these emails, let's first understand what makes a phishing email dangerous.
What You'll Learn In This Article.
- The phishing techniques that cyber criminals use to socially engineer victims.
- How cyber criminals learn to think like their victims.
- How to send simulated phishing emails to employees.
- Why you should use dangerous phishing emails when sending phishing simulations.
What Makes A Phishing Email Dangerous?
Think of phishing emails like you would a spy who is trying to entice information out of a government official.
The spy must be subtle and maintain a low profile while having a good cover story and reason for interacting with the official. This cover story needs to provide the official with enough evidence that the spy is a legitimate individual who has reason for asking the questions they're asking, but it can't be so out of the ordinary that it makes them suspicious.
Like the spy, a phishing email must appear to come from a legitimate service or individual, have a strong call-to-action, and not seem out of place with what the victim is normally asked to do.
With this in mind, let's delve into the most dangerous simulated phishing emails seen across the CanIPhish customer base!
The Most Dangerous Phishing Email Examples In 2023
The following 12 phishing emails compromise between 30% and 54% of employees, with the ability to trick even the most trained IT and cyber security professionals.
#1 Google Drive File Share Phishing Email Example
With an average of 54% of employees being compromised, this Google Drive phishing email is the most dangerous of the lot!
This should come as no surprise. Employees who use Google Workspace typically receive Google Drive file-share emails on a daily basis. An email such as this is uniquely positioned to not raise any alarm bells from the employee viewing it while still being engaging enough that they’re enticed to click on the payload.
Let’s break this phishing email down and understand what makes it so dangerous:
- What is this email? This email is masquerading as the Google Drive service. Specifically, it appears to come from the HR team and entices individuals to click on a link that leads to an updated company organizational chart.
- Why is this email difficult to spot? By masquerading as a commonly used service, it can easily blend into the mix of other emails an employee would receive on any given day. It additionally introduces a layer of urgency by indicating that a sudden change has taken place, and it's in the employee's best interest to find out what changes took place.
- Who is prone to falling for this phish? Any employee who uses Google Workspace.
#2 Jira Notification Phishing Email Example
Jira is one of the most popular issue and project tracking tools on the market. Employees who use it have come to love the service it provides because it's designed to help teams collaborate and make everyone’s life easier.
The downside of this is that it makes it a prime target for attackers to use for phishing! With an average of 47% of employees being compromised, this Jira notification phishing email is surprisingly successful.
Let’s analyze this email and understand what makes it successful:
- What is this email? This email is masquerading as Jira, the issue and project tracking software. Specifically, the email appears to be a Jira notification notifying the recipient that they’ve been assigned a new task.
- Why is this email difficult to spot? This email contains a high degree of personalization, including the employee's first name and last name. This personalization, along with the usage of Jira logos, terminology, and the transactional nature of the email, makes it particularly difficult to spot.
- Who is prone to falling for this phish? Software developers, project managers, product managers, and IT administrators would be particularly susceptible to this type of phishing email. As these employees typically have elevated access within businesses, it makes this phishing email particularly attractive to cyber criminals.
#3 Gmail Blocked Login Phishing Email Example
Coming in third, we have another Google-themed phishing email, which compromises 38% of employees on average!
Google Mail, otherwise known as Gmail, is an incredibly popular email collaboration tool that is used by both consumers and businesses. It has become so popular predominantly because of its accessibility, cost, and native integration with other Google products.
While this makes it a great tool for its users, its sheer popularity makes it an attractive target for phishing emails.
With this in mind, let’s deep dive into why this email is so effective:
- What is this email? This email is masquerading as Gmail. More specifically, it appears to be a security notification that advises the recipient that Google just blocked a suspicious login attempt and that the recipient's password has potentially been compromised.
- Why is this email difficult to spot? While this email contains no personalization, the sheer urgency and fear it sparks in recipients is enough to make it difficult to spot. This email relies on recipients having an emotional response and not critically analyzing the email.
- Who is prone to falling for this phish? Anyone who uses Gmail or other Google-provided products.
#4 Prezzee Gift Phishing Email Example
Do you love gift cards? Well, so do cyber criminals! Gift cards provide them with a means of stealing money from unsuspecting victims without the hassle of needing to launder the money through banks or credit card companies.
Prezzee is a popular service used by both consumers and businesses for sending and managing gift cards. With an average of 36% of employees being compromised, this is a popular phishing email for any financially motivated attacker.
Let’s unpack this email and see why it’s so effective:
- What is this email? This email is masquerading as Prezzee. Specifically, it appears to be a company-issued gift card that’s being provided to the receiving employee due to their high performance.
- Why is this email difficult to spot? This email contains an element of personalization with the receiving employee's first name and the name of the company they work for being used within the email body. This email also relies on inciting excitement within the receiving employee, which could cause them to bypass the critical thinking normally applied to an unexpected email.
- Who is prone to falling for this phish? Any employee who is familiar with the Prezzee gift card service or views themselves as a high performer and deserving of a reward, raise, or other form of bonus.
#5 HR Policy Violation Phishing Email Example
The dreaded email from Human Resources (HR). With an average of 35% of employees being compromised, we recommend using this phish with care!
Every medium to large business has an HR team, making it an easy but also popular team to masquerade as. With this in mind, let’s delve into this email and understand what makes it such a potent phish:
- What is this email? This email is masquerading as an email from the HR team, notifying the receiving employee that they’ve violated company policy and viewed inappropriate material on their work computer.
- Who is prone to falling for this phish? Due to the general nature of the phish, any employee could fall for it.
- Why is this email difficult to spot? This email can send shivers down the spine of anyone who receives it. It leaves the recipient questioning, what was it that I did? How bad was it? Did I run the wrong search on the wrong computer? In any case, it leaves the recipient with a feeling that they need to prepare their defense, and the first part of that is viewing the purported evidence. Adding an additional layer of deviousness, this email contains a phishing link, a phishing attachment, and a high degree of personalization.
#6 FedEx Shipment Phishing Email Example
Expecting to receive a package? The interesting thing about being the receiver of a package is that you often aren’t the one who chooses who the actual courier is. In many cases, you just receive a notification from the courier, and you have to trust that what they’ve sent matches with what you’re expecting.
It’s the unexpected nature of these notifications that makes this phish so dangerous, with an average of 33% of employees being compromised.
Forgive the pun. Let’s unpack this email and learn what makes it so devious.
- What is this email? This email is masquerading as a FedEx shipment tracking notification. It advises the recipient that they have a package in transit and entices them to click the tracking link.
- Why is this email difficult to spot? It’s not an uncommon scenario that packages are received without prior notification. It could be a present from someone, a gift from an individual's workplace, or perhaps even a delivery that’s just been forgotten. These factors can make a normally unexpected email seem normal. Couple that with some personalization in the form of the recipient's first name, and we have an effective phishing email.
- Who is prone to falling for this phish? Any general consumer or employee is vulnerable to this phish.
#7 LastPass Suspicious Login Phishing Email Example
With the average person using more and more online services, it’s become increasingly difficult to keep track of all the passwords used to log in to them.
While many people are enticed to re-use passwords, the ever-growing number of data breaches has made a lot of people aware of the risks associated with credential re-use. If an attacker steals your credentials from a data breach for one online service you use, they could potentially log in to all the services you use!
It’s for this reason that password managers such as LastPass have become so popular! Accordingly, this phish compromises 33% of employees on average.
Let’s walk through this email and understand what makes it so effective:
- What is this email? This email is masquerading as a LastPass suspicious login notification. It’s notifying the recipient that someone just used their master password to log in from an unrecognized location.
- Why is this email difficult to spot? For anyone who uses a password manager, receiving an email such as this is their worst fear. Password managers essentially hold the crown jewels and store all the sensitive secrets and credentials for anyone who uses them. With this in mind, this email is designed to invoke a fearful response in the recipient, causing them to interact with it without applying critical thinking. The additional use of light personalization increases the realistic look and feel of this email.
- Who is prone to falling for this phish? Any employee who uses the LastPass password manager.
#8 Slack Password Reset Phishing Email Example
Slack needs no introduction. It’s one of the most popular communication and collaboration platforms in the world.
Employees use Slack every day to communicate with their colleagues and even customers. Receiving email notifications from Slack is a common occurrence, making it no surprise that this phish compromises 32% of employees on average.
Let’s explore this email and find out why it’s so effective:
- What is this email? This email is masquerading as a Slack password reset notification. It’s notifying the recipient that their password is due to expire in the next 24 hours, and a new password needs to be set.
- Why is this email difficult to spot? While this phishing email contains no personalization, it doesn’t need it. The email instead relies on the urgency of the request to entice the recipient into immediate action. This action takes the form of a phishing link, which is the primary call to action.
- Who is prone to falling for this phish? Any employee who uses Slack.
#9 Microsoft Teams Missed Message Phishing Email Example
Microsoft Teams is a favorite among large businesses. It includes a plethora of functionality and integrates with a wide variety of Microsoft Office products.
When adopted by a business, typically, every employee will gain access to the Microsoft Teams Platform, so it comes as no surprise that this email compromises 33% of employees on average.
Let’s delve into the email and understand what makes it so effective:
- What is this email? This email is masquerading as a Microsoft Teams missed message notification. It’s notifying the recipient that a team member tried to contact them about an upcoming leave request they’ve made. It then prompts the recipient to message the sender back by clicking a button.
- Why is this email difficult to spot? When someone is away from their desk or misses a message, it’s common to get an email from Teams keeping them updated on everything that’s happened in their absence. While this email contains no personalization, it fits into the theme of generalized notifications that Microsoft Teams sends out and can easily be overlooked as just another legitimate notification.
- Who is prone to falling for this phish? Any employee who uses Microsoft Teams.
#10 Microsoft OneDrive File Share Phishing Email Example
Microsoft OneDrive is a core product within the Microsoft 365 Suite of products. It’s used for both cloud-based file storage and collaboration between colleagues, partners, and customers.
When a file is shared using Microsoft OneDrive, the notification arrives through email, which explains why this phishing email is so successful, compromising 31% of employees on average.
Let’s explore this phishing email and analyze what makes it unique:
- What is this email? This email is masquerading as a Microsoft OneDrive file share email. It notifies the recipient that they’ve just been sent a Word document relating to employee performance reports and prompts the recipient to click a link in the email to view the document.
- Why is this email difficult to spot? While this email contains no personalization, it’s trying to invoke an emotional response in the recipient because this file has likely been shared with them by accident and contains sensitive information that they would want to know about. If the recipient is a little bit too curious, they’ll click the phishing link without properly analyzing the email.
- Who is prone to falling for this phish? Employees who use Microsoft OneDrive will be particularly susceptible to this email, but because Microsoft OneDrive is frequently used to share files with non-Microsoft users, any employee could be susceptible to this phish.
#11 DocuSign Signature Request Phishing Email Example
DocuSign is a popular online service for handling digital agreements. In many cases, the request to exchange and sign an agreement is sent through email.
Because of this, DocuSign-themed phishing emails are enticing for attackers to use, with this phishing email compromising 33% of employees on average.
To understand why this phishing email is successful, let's analyze it in more depth:
- What is this email? This email is masquerading as a DocuSign signature request, where the recipient is asked to click on a link to review and sign a document.
- Why is this email difficult to spot? It’s not uncommon that DocuSign signature requests come through at unexpected times. It could be that you need to sign off that you’ve read a certain policy, performed an annual training, or done a variety of other actions. Because of this, recipients of DocuSign emails have become trained to expect unsolicited emails appearing to come from DocuSign.
- Who is prone to falling for this phish? Any employee is prone to this phishing email.
#12 Bank of America Suspended Account Phishing Email Example
Bank of America is one of the largest financial institutions in the United States of America. It’s used by a mixture of consumer and business customers and provides a wide variety of banking services.
This has made it a popular target for cyber criminals who typically utilize phishing to either steal banking credentials or install banking malware. Like many banks, Bank of America periodically sends out emails to their customer base, whether marketing-related, transactional, or even scheduled. This phishing email manages to slip into the mix and compromise 30% of employees on average.
Let’s explore this email to understand what makes it so dangerous:
- What is this email? This email is masquerading as a Bank of America suspended account notification. It’s notifying the recipient that unusual activity has been detected on their account, and accordingly, an account hold has been put in place. To remedy this, the email tries to entice the recipient to click a button, which then leads to a phishing website.
- Why is this email difficult to spot? This email uses a high degree of personalization, using the recipient's first and last names within the email body. Further to this, it’s easy for this email to mix in with the flurry of legitimate emails that Bank of America periodically sends out.
- Who is prone to falling for this phish? Employees who use Bank of America as their banking institution. Typically, this will only be for a subset of employees located in the United States of America.
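Added example (not CanIPhish code): the traits analyzed for each of the twelve emails above, namely a masqueraded brand, urgency, and personalization, can be checked mechanically when a reported email is triaged. The brand-to-domain allowlist, the urgency terms, the `triage()` function, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# ASSUMPTION: illustrative allowlist of domains each impersonated service
# sends from or links to; replace with what your own mail flow shows.
BRAND_DOMAINS = {
    "google drive": {"google.com"}, "gmail": {"google.com"},
    "jira": {"atlassian.net", "atlassian.com"}, "fedex": {"fedex.com"},
    "lastpass": {"lastpass.com"}, "slack": {"slack.com"},
    "microsoft teams": {"microsoft.com"}, "onedrive": {"microsoft.com"},
    "docusign": {"docusign.net"}, "bank of america": {"bankofamerica.com"},
}
# Urgency wording drawn from the scenarios described in the article.
URGENCY = re.compile(
    r"\b(suspicious|blocked|suspended|expires?|violat\w*|unusual activity)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

SPOOFED = """\
From: "Google Drive" <drive-shares@gdrive-share.example>
Subject: HR shared "Org Chart (updated)" with you

Hi Alex, the organizational chart changed. Open: https://gdrive-share.example/file/d/1
"""  # constructed sample, look-alike sender and link
GENUINE_STYLE = """\
From: "Slack" <no-reply@slack.com>
Subject: Your password will expire in 24 hours

Set a new password here: https://app.slack.com/reset
"""  # constructed sample, brand-owned sender and link

def in_domains(host, domains):
    # Exact domain or a true subdomain only: 'google.com.evil.example' fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw, recipient_first_name=""):
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    subject = str(msg.get("Subject", ""))
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    claimed = (display + " " + subject).lower()
    brand = next((b for b in BRAND_DOMAINS if b in claimed), None)
    allowed = BRAND_DOMAINS.get(brand, set())
    hosts = [urlparse(u).hostname for u in URL.findall(body)]
    return {
        "brand": brand,
        "sender_mismatch": bool(brand) and not in_domains(addr.rpartition("@")[2], allowed),
        "link_mismatch": bool(brand) and any(not in_domains(h, allowed) for h in hosts),
        "urgency": bool(URGENCY.search(subject + " " + body)),
        "personalized": bool(recipient_first_name) and recipient_first_name.lower() in body.lower(),
    }
```

Urgency and personalization alone do not separate the two samples; the sender and link domain mismatches against the claimed brand do, which is why those checks carry the most weight in triage.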
Cyber criminals are continuously improving the tactics and techniques they use to socially engineer victims through phishing.
To protect against this, it’s essential to use simulated phishing emails to develop a human firewall. As employees progressively become better at spotting phishing attacks, it’s important to start delivering more and more dangerous phishing emails that are harder to detect. In some cases, this may require the creation of custom phishing emails.
Through this progressive and continual learning, employees will be well-equipped to fend off cyber criminals and avoid phishing attacks!