
20 Phishing Email Examples: What Not To Fall For In 2024

Spotting a scam email isn't easy if you don't know the signs. Here are 20 phishing email examples that might look real at first.

Illustration of a fishing rod emerging from an envelope on a laptop screen as if to indicate a phishing email


      20 Phishing Email Examples And What They’re After

      Posing as well-known organizations, hackers send fake emails and text messages that are designed to steal your sensitive data or install malicious software onto your devices.

      You've likely received numerous phishing emails — some obvious, others more skillfully disguised. Though we should all get in the habit of questioning every email, not everyone does. 

      In fact, 44% of people believe an email is safe just because it features familiar branding [*]. In 2022, cybercriminals took advantage of this misplaced trust and used Microsoft branding in more than 30 million scam emails.

      Phishing emails often manipulate victims with social engineering tactics, which don’t discriminate. They target individuals of all ages, both in the workplace and at home. 

      Here are 20 examples of phishing emails that could catch you off guard.

      1. Tech support phishing emails

      Using scare tactics in emails and pop-ups, scammers trick victims into believing that they need technical support. Fraudsters might pose as Microsoft — the most spoofed brand in 2023 [*] — or Best Buy's Geek Squad to convince you that there is an issue with your device.

      Fake pop-up alerting the user of supposed suspicious activity on their device, with a callback number for tech support
      Example of a tech support pop-up. Source: FTC.

      How tech support scams work:

      • Scammers use highly technical or vague cybersecurity language to scare, confuse, and disarm you. 
      • They may bill you for contrived device or software repairs — or sell you on needless upgrades or warranties.
      • They might urge you to click on malicious attachments or visit a website that asks you to enter your information.
      • They could request remote access to your computer to fix supposed issues, allowing them to install malware or ransomware.

      2. Tax refund scam emails

      A common phishing technique involves scammers posing as the Internal Revenue Service (IRS), claiming to resolve issues about your tax refund, Social Security number (SSN), or other tax-related information. Since the IRS does not request information or award tax refunds via email, these communications are almost always fraudulent [*].

      How tax refund scams work:

      • Using an urgent subject line, scammers aim to scare or excite you into clicking on a malicious link, logging in to a fake website, or providing private tax-related information, such as your W-2 form.
      • They may threaten you with suspended accounts, cite overdue payments, or promise unexpected refunds. In fact, they want to steal your login information, your identity, or your tax refund.
      • You could be asked to open an attachment that downloads malicious software onto your computer.

      3. Suspicious activity notices

      Many of your online accounts have email security measures in place that warn you when suspicious activity is detected, such as multiple login attempts or logins from unknown locations.

      Scammers take advantage of this by sending look-alike communications. These phishing emails appear helpful, but they’re designed to steal your information.  

      How suspicious activity scams work:

      • Scammers notify you of unusual login attempts or another security event. 
      • They may claim that your account has been suspended or closed and that you need to call a number or click on a link to reopen it.
      • Either through a phone call or a fake website, you're asked for your login and other personal information to reactivate the account.

      4. Social media phishing emails

      In this scam, the phishing email comes from an alleged social media support team, such as Instagram or LinkedIn. The message imitates a typical warning or account notification in order to appear authentic and get your attention.

      Phony login alert email impersonating Facebook, with a CTA to ‘Report the User’
      Example of a social media phishing scam. Source: Reddit.

      How social media phishing scams work:

      • This scam email contains a phishing link to verify or log in to your account.
      • Clicking on the link could download malware or spyware, or take you to a spoofed login page. 
      • Once they have your account information, scammers can log in and lock you out or use the login elsewhere if you have reused your password. 

      5. Bogus payment confirmation emails

      Scammers send messages that look like receipts from legitimate service providers. They want you to question the payment, think that your account has been compromised, and take action. 

      How payment confirmation scams work:

      • You receive an email from a well-known company that states your purchase has been completed.
      • You may be asked to click on a link, download an attachment, or call a number to dispute the charges or cancel your subscription.
      • The links redirect you to a phishing website, the downloads contain malware, and the phone number leads to a scammer posing as a billing team representative. All paths lead to giving up your personal information.

      6. Incorrect billing information notices

      This type of phishing email claims that you need to update your billing information for a popular type of account, such as Netflix or Amazon. Scammers usually impersonate large companies with trustworthy images to give the phishing emails more believability and reach [*].   

      How incorrect billing scams work:

      • These emails dangle an account hold or suspension if you don't update your billing information.
      • Scammers use threats and deadlines to pressure you — along with high-quality branding to earn your trust.
      • The email has a link that takes you to a fake login page where you’re asked to update your account; but any information you provide goes directly to the scammer.

      7. False iCloud update notifications

      In the iCloud update scam, hackers attempt to hack your Apple ID by posing as customer support. If they can gain control of your Apple accounts, they might access your documents, photos, and credit card information.

      How false iCloud update scams work:

      • Phishers send a mock support email that instructs you to update or upgrade your iCloud account before you get locked out.
      • Some versions threaten that you'll lose access to iCloud, iPhone, or App Store features if you fail to modify your information.
      • Clicking on any call to action (CTA) takes you to a fake website, where information entered goes straight to the scammers.

      8. Human Resources (HR) email scams

      In these email scams, fraudsters leverage the trust that students and employees place in the HR department. An analysis of phishing emails sent in the second quarter of 2023 revealed that 50% appeared to come from HR [*].

      How HR survey scams work:

      • They target student or work email accounts, and even spoof school or university .edu addresses and employer email addresses in order to appear official and mimic standard practices.
      • You may be asked to provide your input in a school or work matter, complete a survey, or download or fill out work- or school-related documents.
      • To submit a response, you may be asked to provide personal information or navigate to a phishing website.
      • Clicking on any links could launch malware that infects your individual device or your institution's entire computer network.

      9. Google Drive and Docs scams

      Google Drive and Docs scams come in varying shapes and with varying goals. They may seek your login information, target your Google and Gmail contact lists, or infiltrate your devices with malware.

      To achieve this, scammers share malicious files and links through Google Drive, which causes Google to send you an email alert — both lowering your guard and bypassing spam filters [*].  

      How Google Docs scams work:

      • Scammers either share an infected Google Doc with you, share a malicious link in a comment, or create a fake document with a special web app.
      • When you open the document, you may be encouraged to follow a link to a fake website or download a file containing malware.

      10. USPS phishing emails

      This scam involves fraudsters posing as United States Postal Service (USPS) representatives and claiming that an upcoming delivery requires a response from you.

      They hope that you’ve ordered something and think it's been held up, or that you believe someone has made a fraudulent order in your name. 

      How USPS scams work:

      • You're asked to click on a link and log in to view the order and update your shipping information.
      • The link takes you to a spoofed USPS login page, where any data you enter will be stolen.
      • Amazon email scams work in the same way, with fraudsters pretending to represent the online retailer.

      11. Fake voicemail notifications

      In this scheme, fraudsters use false voicemail notifications in emails to trick you into downloading malware on your device or revealing your login credentials on a fake website. If you've signed up for voicemail notifications through email, this scam can be particularly effective. 

      How fake voicemail scams work:

      • The email spoofs popular voicemail notifications and appears to contain an audio file, such as a .wav file.
      • The file is actually a malicious download or an HTML file that redirects you to a fake login webpage where your login credentials are then hijacked.

      12. Phony invoice scams

      Scammers use fake invoices to get your money or your information. They either try to dupe you into paying them under false pretenses, or defraud you (and steal your personal data) by convincing you to investigate a fraudulent invoice [*].

      Scam email impersonating PayPal, requesting a $479 USD payment to Coinbase
      Source: ITonDemand

      How bogus invoice scams work:

      • You receive an email containing what looks like a legitimate invoice from a legitimate organization for something you didn't purchase.
      • If you pay the invoice, the money goes to the scammers.
      • If the email contains an attached invoice, the attachment could contain malware.
      • If the email has a CTA link, it takes you to a fake login page that is controlled by the scammer.

      13. Email account upgrade scams

      In this phishing email, scammers advertise email account upgrades by posing as well-known email service providers, like Google or Outlook. They warn recipients of account termination should they fail to upgrade or update their accounts [*].

      How email account upgrade scams work:

      • The attackers want you to click on the link and provide your login and personal information on a spoofed landing page.
      • Once the fraudsters have your login, they lock you out, steal your sensitive information, sell your data, and scam others in your contact list.

      14. Dropbox phishing emails

      In this scam, thieves take advantage of how regularly people share documents via email. Impersonating Dropbox, scammers send emails that include links for shared files. They may spoof the sender's name and address to make it appear to come from someone you know. 

      How Dropbox phishing scams work:

      • You receive an email that looks like an official Dropbox notification.
      • The email instructs you to click on the CTA to review the shared document.
      • On the fake Dropbox page, you're prompted to download a harmful file or enter your login details.

      15. CEO phishing emails

      CEO fraud is a type of spear-phishing in which scammers exploit the company hierarchy and impersonate your CEO or another executive. 

      CEOs and other high-level executives may also be targeted in similar schemes, sometimes known as whaling or whale phishing — as scammers are after the "big fish."

      How CEO phishing scams work:

      • Bad actors may spoof your CEO’s name with a slightly different email address — or use the correct name and email address, as seen in a business email compromise (BEC).
      • You’re asked to send money or information to the sender, or download a file leading to malware or ransomware attacks.

      16. Costco phishing scams

      In Costco phishing attempts, fraudsters use the brand's name and reputation to disarm Costco shoppers. These emails may contain links or files with malware, CTA links to fake websites, and contact information connected to the scammers. 

      How Costco phishing emails work:

      • Fraudsters use Costco branding to offer fake rewards, giveaways, and promotions — along with account updates, invoices, and surveys. 
      • To claim your prizes or dispute the fake charges, you're told to call the provided number or visit the provided site and give up your information.

      17. Bank scam emails

      Most banks send account updates and security notifications to customers via email. Cybercriminals capitalize on this by sending fraudulent emails related to account transactions and suspicious activity.

      They want to pry sensitive information out of you, such as your online banking username, password, and account information.

      How bank scams work:

      • In bank scam emails, scammers impersonate your bank, such as Wells Fargo or Bank of America.
      • They may cite nonexistent transactions made on your account, hoping that you click on the provided link or call the phone number to dispute the charges.
      • Cybercriminals might also attach malware to infect your device and steal your information and money.

      18. Fake app purchase prompts

      One of many App Store scams, fake app purchase emails mimic app store communications to convince you to click on malicious links or provide information [*].

      Fake Apple receipt for a $29.99 purchase of ‘Last Battleground: Mech’
      Source: Reddit.

      How fake app installation scams work:

      • You receive an email that includes a receipt or a "successful payment" subject line. 
      • Since you likely didn't download the app, you may suspect that your account has been hacked. 
      • The email may contain an order in an attachment, a plain text receipt with a linked order number, or a "manage account" link.
      • Any links or phone numbers lead to a phishing attempt, while the attachments could be harmful.

      19. Advance-fee scams

      An offshoot of the old Nigerian Prince emails, advance-fee scams (or 419 scams) ask you to send money upfront in return for more earnings or opportunities. These scams often pick up during times of global turmoil, as scammers can create more believable lies.

      How advance-fee scams work:

      • Fraudsters send you an elaborate story that connects them to a widely recognized problem and explains why their money is supposedly tied up. 
      • The scam may build gradually, gaining your trust and gathering information slowly. 
      • Over time, the fraudster requests that you share your bank account details, deposit money into your account, or withdraw funds.
      • Scammers may also ask you to pay a fee to make a large transaction possible. 

      20. Account suspension emails

      Pretending to come from large and recognizable organizations, scammers send account suspension emails to scare you into acting quickly. They threaten you with an account closure in hopes that you'll log in to the fake account page they created [*].

      Email impersonating Microsoft alerting the recipient of an account suspension, with a CTA called ‘Keep it active’
      Source: Microsoft.

      How account suspension scams work:

      • In the email message, the scammer instructs you to click on a link to reactivate your suspended account.
      • The link may lead to malware or to a page that captures your password and account numbers.

      How To Protect Yourself From Phishing Attacks

      Nearly 31,000 phishing messages were sent daily in the 12-month period from the fourth quarter of 2022 to the third quarter of 2023 [*]. 

      This means that you've probably already received one of these messages yourself or will in the future. Be ready, and watch out for these telltale signs:

      • Grammatical errors or misspelled words. Fraudsters may misspell words accidentally or intentionally — either because they lack the resources to edit properly, or to focus only on the most pliable and distracted potential victims. 
      • Unrelated, unofficial, or hidden URLs. Scammers link to fake websites or login pages that look official, but steal your information or reroute you to malicious websites. When in doubt, hover over the link to see where it’s sending you or visit the site directly.
      • Unusual or impersonal salutations. While phishers already have your email address, they likely don't know or have the time to include other personal details in the email. For that reason, generic greetings usually signal a scam.
      • Urgent or threatening tone. Scammers contrive a sense of urgency in emails to get you to act quickly and irrationally.
      • Unrelated sender name and email address. Phishing emails use look-alike or spoofed addresses to fool you into thinking that you’re corresponding with someone you trust or believe to be authentic. Hover over the sender's name to reveal the true address, and always verify that it comes from an official domain.
      • Poor-quality logos. Phishing emails regularly use poor copies of legitimate logos, possibly because they have to recreate them or because they don't have access to the actual high-resolution image.
      • Unprompted email attachments. Some phishing emails come with attachments that contain malicious code or viruses. Never open unsolicited attachments without first scanning them with antivirus software.
      • Direct requests for personally identifiable information (PII). Most phishing emails aim to extract personal information. Any request for your billing address, financial information, or other private details is likely phishing.
      • Signs of brand spoofing. Most brand spoofing appears to be off in one way or another — such as the logo, email address, or the company address and phone number. If you want to verify a communication, call the company directly and ask about the email. 
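Several of these signs can be checked mechanically. The following added example (not part of the original article, and not Aura's code) parses a constructed sample message and flags a branded sender name on an unrelated domain, a generic greeting, a link whose visible text names a different host than its target, and the disguised audio attachment described under fake voicemail notifications. The brand-to-domain map, the finding codes, and every domain are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; the brand and every domain are placeholders.
SAMPLE = '''\
From: "Example Bank Security" <alerts@account-notices.example>
Subject: Your account will be suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear customer, sign in at <a href="http://login.verify-portal.example/eb">https://secure.examplebank.example</a>
within 24 hours to keep your account active.</p>
--b1
Content-Type: text/html; name="voicemail.wav.html"
Content-Disposition: attachment; filename="voicemail.wav.html"

<html></html>
--b1--
'''
BRANDS = {"example bank": "examplebank.example"}  # assumed brand -> official domain map
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def analyze(raw, brands=BRANDS):
    """Return (code, detail) findings for the red flags in the list above."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    findings = []
    for brand, domain in brands.items():
        if brand in sender.display_name.lower() and not in_domain(sender.domain.lower(), domain):
            findings.append(("sender_mismatch", sender.domain))
    for part in msg.walk():
        name = part.get_filename()
        if name:  # attachment whose name looks like audio but whose content is not
            if re.search(r"\.(wav|mp3|m4a)\b", name, re.I) and part.get_content_maintype() != "audio":
                findings.append(("attachment_disguised", name))
        elif part.get_content_type() == "text/html":
            body = part.get_content()
            if re.search(r"\bdear (customer|user|member)\b", body, re.I):
                findings.append(("generic_greeting", "dear customer"))
            collector = LinkCollector()
            collector.feed(body)
            for href, text in collector.links:  # the "hover over the link" check
                if URLISH.fullmatch(text) and not (in_domain(host_of(href), host_of(text)) or in_domain(host_of(text), host_of(href))):
                    findings.append(("link_mismatch", f"{host_of(text)} -> {host_of(href)}"))
    return findings
```

Calling `analyze(SAMPLE)` returns one finding per red flag. A message that passes these checks is not thereby safe, since a compromised legitimate account, as in business email compromise, shows none of these mismatches.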

      Pay attention to these red flags, update your passwords regularly, enable two-factor authentication (2FA), and stay informed about the latest scams.

      For more comprehensive security, turn to Aura and receive full identity theft protection — including credit, account, and personal information monitoring, along with near real-time fraud alerts.

      Aura's Safe Browsing tools stop harmful websites and pop-ups before they even load, while Aura’s antivirus protects all of your devices and data 24/7.


      Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.
