Phishing Email Examples

Cyber criminals are constantly learning new techniques to phish employees. To combat this, take a look at some of the most effective and common phishing emails provided by CanIPhish!

Simulated Phishing Email Examples

Phishing is a lasting threat and every employee needs to understand how to spot the outlined phishing email examples. Each email contains a variety of phishing indicators and by learning how to spot these, employees will be best positioned to deal with phishing attacks. Each phishing email example, either entices the recipient to respond, leads to a website or to an attachment.

Phishing Email Examples - M365
Phishing Email Example for M365
Phishing Email Example

Microsoft 365 OneDrive Phishing Email

  • What is this email? - This email is masquerading as the legitimate Microsoft 365 OneDrive Cloud Service. In particular, it's indicating to the victim that a colleague has shared a document with them.
  • What are the phishing indicators? – This email is enticing the victim to click on a link to view a file and the email is unexpected.
  • How difficult is this phish to spot? – This email is untargeted in nature but it does abuse the fact that sender display names can be anything to add an additional layer of realism. This phishing email will be easy to spot.
  • Who is prone to falling for this phish? - Employees who frequently use Microsoft 365 or other Microsoft related cloud services will be prone to falling for this phishing email example.
Phishing Email Example

Gmail Phishing Email

  • What is this email? - This email is masquerading as the legitimate Gmail Cloud Email Service. In paricular, it's indicating that a recent sign-in attempt was blocked and prompts the victim to check the activity.'.
  • What are the phishing indicators? – This email is enticing the victim to click on a link to view the blocked sign-in attempt.
  • How difficult is this phish to spot? – This phishing email is untargeted in nature and doesn't contain any information personalising it to the victim (e.g. first name, last name, company name, etc.). This phishing email example will be easy to spot and can be characterised as bulk phishing.
  • Who is prone to falling for this phish? - Employees who frequently use Gmail or other Google related cloud services will be prone to falling for this phishing email example.
Phishing Email Examples - Gmail
Phishing Email Example for Gmail
Phishing Email Examples - Dropbox
Phishing Email Example for Dropbox
Phishing Email Example

Dropbox Phishing Email

  • What is this email? - This email is masquerading as the legitimate Dropbox Cloud Storage Service. In particular, it's indicating that an account is due to be closed as it hasn't been used in the past two months.
  • What are the phishing indicators? – This email is enticing the victim to click a Sign In link to prevent the closure of their Dropbox account due to inactivity.
  • How difficult is this phish to spot? – This phishing email is personalised using the victims first name and as such it will be moderately difficult to detect. This email can be characterised as spear phishing.
  • Who is prone to falling for this phish? - Employees who frequently use Dropbox or other cloud storage services may be prone to falling for this phishing email example.
Phishing Email Example

American Express Phishing Email

  • What is this email? - This email is masquerading as the legitimate American Express Financial Institution. In particular, it's indicating that there may have been an unauthorised credit card transaction.
  • What are the phishing indicators? – This email is enticing the victim to click a link to confirm that a recent transaction is approved or unauthorised.
  • How difficult is this phish to spot? – This phishing email is easy to spot as it's unpersonalised and can be characterised as bulk phishing.
  • Who is prone to falling for this phish? - Employees who have AMEX Credit Cards or use AMEX services such as Global Business Travel will be prone to falling for this phishing email example.
Phishing Email Examples - AMEX
Phishing Email Example for AMEX
Phishing Email Examples - Recruiter Outreach
Phishing Email Example for Recruiter Outreach
Phishing Email Example

Recruiter Outreach Phishing Email

  • What is this email? - This email is masquerading as an executive recruiter. In particular, it's indicating that the victim is being considered for a high-paying and time critical position at a company.
  • What are the phishing indicators? – This email is enticing the victim to simply respond to the email on whether they are interested in pursuing the opportunity.
  • How difficult is this phish to spot? – This phishing email is easy to spot but as it's simply enticing a response from the victim, there is a high likelihood that victims will interact with the phish regardless.
  • Who is prone to falling for this phish? - Employees who are looking for new opportunities or are struggling financially are prone to falling for this phishing email example.
Phishing Email Example

Booking.com Phishing Email

  • What is this email? - This email is masquerading as the legitimate Booking.com online booking service. In particular, it's indicating that the victims company has worked with Booking.com to provide a vacation packages at reduced pricing.
  • What are the phishing indicators? – This email is enticing the victim to click one of the links or images associated to a vacation package within the email.
  • How difficult is this phish to spot? – This phishing email is moderately difficult to spot as it contains a degree of personalisation through use of the victims first name. This email can be characterised as spear phishing.
  • Who is prone to falling for this phish? - Employees who are looking to book vacations are prone to falling for this phish. This is also considered a seasonal phish and is more likely to be delivered in the build-up to holiday seasons such as New Years.
Phishing Email Examples - Booking.com
Phishing Email Example for Booking.com
Phishing Email Examples - LinkedIn
Phishing Email Example for LinkedIn
Phishing Email Example

LinkedIn Phishing Email

  • What is this email? - This email is impersonating the LinkedIn professional social media networking platform. In particular, it's indicating that a password reset request has been received and that the victim needs to specify if it's fraudulent.
  • What are the phishing indicators? – This email is attempting to have the victim click a link to indicate that the password reset request was unauthorised.
  • How difficult is this phish to spot? – This phishing email is moderately difficult to spot as it's personalised through use of the victims first name. This email can be characterised as spear phishing.
  • Who is prone to falling for this phish? - Employees who utilise LinkedIn for professional networking are prone to falling for this phish. Unfortunately, in the corporate world, this is a majority of employees.
Phishing Email Example

Facebook Phishing Email

  • What is this email? - This email is impersonating the Facebook social media networking platform. In particular, it's identifying that based on real-world events, Facebook as experienced a data breach and password resets are required because cyber criminals have stolen them.
  • What are the phishing indicators? – This email is attempting to have the victim click a link to reset their password.
  • How difficult is this phish to spot? – This phishing email is hard to spot as it's personalised through use of the victims first name and based on real-world events from Facebook. This email can be characterised as spear phishing.
  • Who is prone to falling for this phish? - Employees who use Facebook for personal use are prone to this phish. Unfortunately, as Facebook is one of the most used social media platforms in the world, this will affect a large number of employees.
Phishing Email Examples - Facebook
Phishing Email Example for Facebook
Phishing Email Examples - Netflix
Phishing Email Example for Netflix
Phishing Email Example

Netflix Phishing Email

  • What is this email? - This email is masquerading as Netflix, the video streaming service. In particular, it's advising the victim that their password is due to expire in 3 days.
  • What are the phishing indicators? – This email indicates that due to an upcoming password expiration, the victim needs to click a link to reset their password.
  • How difficult is this phish to spot? – This phishing email is personalised using the victims first name and as such it's a targeted phish which is moderately difficult to detect. This email can be characterised as spear phishing.
  • Who is prone to falling for this phish? - Employees who directly subscribe to Netflix or are apart of a multiple-user Netflix subscription are prone to falling for this phish.
Phishing Email Example

Slack Phishing Email

  • What is this email? - This email is impersonating Slack, the cloud collaboration platform. In particular, it's notifying the victim that a password reset request was initiated by a third-party.
  • What are the phishing indicators? – This email indicates that due to a password reset request, the victim should click a link to either notify the team at Slack that this request was unauthorised or to proceed with the password reset request.
  • How difficult is this phish to spot? – This phishing email contains no personalisation and can be characterised as bulk phishing with a low degree of difficulty to spot.
  • Who is prone to falling for this phish? - Employees or companies who utilise Slack are more prone to falling for this phish.
Phishing Email Examples - Slack
Phishing Email Example for Slack
Phishing Email Examples - Xero
Phishing Email Example for Xero
Phishing Email Example

Xero Phishing Email

  • What is this email? - This email is impersonating Xero the cloud accounting and payroll platform. In particular, it's notifying the victim that their password is due to expire in the next 24 hours.
  • What are the phishing indicators? – This email indicates that due to an upcoming password expiration, the victim needs to urgently perform a password reset or else they may be locked out of their account.
  • How difficult is this phish to spot? – This phishing email is personalised using the victims first name and as such it's moderately difficult to spot. This email can be characterised as spear phishing.
  • Who is prone to falling for this phish? - Employees who use Xero for payroll, timesheets, financial forecasting, invoicing or any of it's financial services are prone to falling for this phish.
Phishing Email Example

Zoom Phishing Email

  • What is this email? - This email is masquerading as Zoom, the cloud video conferencing and remote working platform. In particular, it's advising the victim that they have been invited to join a call that's begun for their Quarterly All Hands meeting.
  • What are the phishing indicators? – This email is notifying the user that a high-value meeting has just begun and that they're potentially late for it. Due to this, the victim is urged to click on the link to join the discussion.
  • How difficult is this phish to spot? – While this phishing email contains no personalisation, it's masquerading as a trusted service where emails are frequently received from unknown domains. Due to this, the phish can be moderately difficult to detect even though it's characterised as bulk phishing.
  • Who is prone to falling for this phish? - Employees who frequently use Zoom, whether it be internally or to join customer, vendor or partner calls are prone to falling for this phish.
Phishing Email Examples - Zoom
Phishing Email Example for Zoom

Want to see more... Phishing Email Examples?

The CanIPhish Cloud Platform, contains 50+ phishing email examples with the ability to modify or create your own. Each phishing email is themed from global services that employees frequently use and some are targeted towards employees based out of the United States of America, Canada, Australia, South Africa, Saudi Arabia or the United Arab Emirates. To get started, simply create a free account and begin training your employees with simulated phishing emails.