20 Phishing Email Examples And What Not To Fall For In 2023

How Well Do You Know Your Inbox?

Posing as well-known companies or organizations, hackers send fake emails or text messages designed to trick you into giving up sensitive data or downloading malicious software.

You’ve probably received phishing emails — some that looked suspicious, and others that seemed legitimate.

Data released by Proofpoint in 2022 revealed that 80% of respondents experienced an email phishing attack in 2021, a 46% increase from 2020 [*]. Hackers use this social engineering tactic to target victims of all ages at work and at home. In fact, data shows that almost 20% of recipients click on malicious links in phishing emails [*].

But you can prevent phishing attacks from happening to you and your loved ones by staying informed. Here are 20 common examples of phishing and how to report it if you see them in your inbox.

20 Phishing Email Examples: How To Know What To Avoid

1. Tech support phishing email
2. Tax refund scam email
3. Suspicious activity notice
4. Social media phishing email
5. Bogus payment confirmation email
6. Incorrect billing information notice
7. False iCloud update notification
8. Human Resources (HR) survey scam email
9. Google Docs scam
10. USPS phishing email
11. Fake voicemail notification
12. Bogus invoice scam
13. Email account upgrade scam
14. Dropbox phishing email
15. CEO phishing attempt email 
16. Costco phishing scam
17. Bank scam email
18. Fake app purchase prompt
19. Advanced fee scam
20. Account suspension email

1. Tech support phishing email

Using scare tactics, scammers trick you into paying for unnecessary technical support for bogus problems.

As an example, fraudsters might pose as Microsoft, which was the most spoofed brand in 2021 [*]. To convince you that there is an issue, your device glitches are presented in technical terms. (Scammers also regularly impersonate tech support brands such as in the Best Buy Geek Squad scam).

You might get an error message when you open certain files or run a scan — but there isn't any problem, and the popup is just another phishing technique.

How tech support scams work:

• In most cases, scammers ask you for money to fix nonexistent problems on your device or software. If you allow them to remotely access your computer to “fix" these alleged issues, they can install malware or ransomware.
• They’ll also ask you to pay a one-time fee or subscribe to a support service.

How to spot them:

• All communications with big companies like Microsoft start with you. Legitimate companies do not contact you via email about device issues. 
• Be vigilant about requests for remote access to your computer. 
• Refuse requests to enrol in a computer maintenance or warranty program. 
• Check the sender’s address to see if it’s from a fake domain (for example, it’s not from microsoft.com). 
• Do not comply with requests for your financial information. For example, credit card information to bill you for fake services.

2. Tax refund scam email

Impersonating the IRS is another common email phishing scam tactic. You may, for instance, receive a fake IRS email asking you to send money or personal information. 

Typically, there is a sense of urgency to the subject line. Scammers hope that you won't verify the email’s authenticity since it comes from a government agency.

How tax refund scams work:

• You will receive a message about your refund from scammers. Using a phishing link, they lead you to a fake IRS site. A typical message will state that you're eligible for a tax refund; and to receive it, you must log in to their website. 
• When you enter personal information on the site, such as your Social Security number (SSN) or bank account number, it goes straight to the scammer. 
• Installing malware on your computer is another type of common tax refund scam. You'll be asked to open an attachment; and when you do so, malicious software is downloaded to your computer. 
• In addition, scammers may ask you to attach your W-2 form so that they can update it in their system. Scammers want this information to steal your identity. 

How to spot them:

• See where the email came from. Fraudsters can use fake IRS names. Hover over their name with your mouse or cursor to see their real email address. It is a hack if it's not from a “.gov” address. 
• Protect your devices and home network with a virtual private network (VPN) and antivirus. 
• What are you being expected to do? The IRS will never ask for personal information or payment via email.
• Don’t open attachments. The IRS will likely not send you any attachments in official emails. So if you open one, the attachment may contain a virus.

3. Suspicious activity notice

Big companies prioritize email security and will prevent you from signing in without your permission. When the company notices a login attempt from a new device or location, you'll receive an email to confirm it was you. Fraudsters send versions of these emails to trick you into giving them sensitive information. 

How suspicious activity scams work:

• You'll receive an email with a warning about unusual activity on your account. The scammers will pretend to be from well-known companies like Microsoft or Wells Fargo.
• In the message, you will be told that your account has been closed and you need to call a number or click on a link to reopen it. 
• If you respond to the email, any information you give, whether by phone or on a fake website, will be recorded by the scammer. These emails look almost exactly the same as legitimate account notifications. It's hard to tell them apart.

How to spot them:

• Make sure the sender's address is from a legitimate company. In the example above, the sender’s address is @outlook.com — which is not an official Microsoft account.
• Look for bad grammar and misspelled words.
• Whenever you are asked to call a number, make sure it is an official number that you can verify. Check the company's website for contact information. 
• Check the landing page URL before entering your login information even if an email looks legitimate.

💡 Related: How To Identify (and Avoid) Apple Phishing Emails →

4. Social media phishing email

Scammers use social media phishing emails to steal personal information, sell it on the Dark Web, or access financial accounts. They also seek out corporate email addresses. A typical phishing email comes from the "support team" of a social media site, like LinkedIn. 

How social media phishing scams work:

• In the example above, "Copyright Center" from Instagram is tricking the recipient into clicking on a phishing link. The scammer states that there have been copyright violations which can be “verified” by logging into your account. 
• Even if you thought the email looked realistic, examine the sender email: mail@theinstagram.team — this is not an official Instagram address. The scammer will gain access to your data (or hack your Instagram account) if you click on the link and sign in to your "account."

How to spot them:

• The destination address of the link does not point to the purported social media site. 
• You are requested to download an attachment. 
• The sender's address does not come from the social media site's official email.
• Awkward spacing, strange email layouts, and suspicious account images are other obvious giveaways.

📚 Related: How To Protect Your Personal Information on Social Media →

Don’t Get Scammed. How To Protect Yourself From Phishing Emails

Phishing attacks come in all different shapes and sizes. But luckily, there are still some clear warning signs that you’re dealing with a scam email. Follow these tips to help protect yourself from the dangers of phishing emails:

• Learn the warning signs of a phishing attack. Scammers will try to create a sense of urgency in emails to get you to act quickly and click on malicious links (for example, claiming you owe money or need to “verify” personal information). Always slow down and check for signs it’s a scam — such as a generic greeting, typos and weird grammar, and suspicious links. 
• Always double check the sender’s email address. Scammers use lookalike or spoofed email addresses to fool you into thinking you’re dealing with someone you’re not. Check their email to make sure it comes from an official domain. If you can’t see the sender’s email, double-click or hover over their name to reveal it. 
• Regularly check your credit report and bank statements. Scammers are almost always after your financial accounts. Check for the warning signs of identity theft — such as strange charges on your bank statement or accounts you don’t recognize. An identity theft protection service like Aura can monitor your credit and statements for you and alert you to any signs of fraud. 
• Be suspicious of all links. Never click on links in emails from people you don’t know personally (they could lead to fake websites that steal your personal information or infect your device with malware). You can hover over a link to see where it’s sending you. If you’re at all in doubt, visit the site directly (rather than through the link in the email).
• Consider signing up for identity theft protection. Aura’s top-rated identity theft protection monitors all of your most sensitive personal information, online accounts, and finances for signs of fraud. If a scammer tries to access your accounts or finances, Aura can help you take action before it’s too late. Try Aura’s 14-day free trial for immediate protection while you’re most vulnerable.

5. Bogus payment confirmation email

In this scam, messages include fake receipts from legitimate institutions, organizations, and other service providers. The email encourages you to click on a link, download an attachment, or call a number to cancel or upgrade your subscription. 

How payment confirmation scams work:

• The "payment confirmation" email contains a brief message stating that your purchase has been completed. The message is often related to subscriptions that you pay for regularly.
• Email subject lines are capitalized to indicate urgency, making the emails appear important. 
• There may be a file attached. If you click on the file, you'll be taken to a phishing website. In this case, the scammers will ask you to log in to your account. 
• You may be asked to call a phone number to cancel or upgrade your account. A scammer will pretend to be a billing support team representative on the phone, ready to get your data. 

How to spot them:

• The email makes a false statement about charges to your debit card or bank account. 
• You are requested to contact the sender by phone to fix the account. 
• Subject lines contain a string of letters and numbers, with phrases like “PAYMENT DONE.”

6. Incorrect billing information notice

Typically, these scams come from companies with large user bases. Squarespace powers a lot of websites; so if you get an email from them, you're more likely to take action. 

How incorrect billing scams work:

• These emails state that your account will be suspended if you don't update your billing information. Phishers use urgency to persuade you to click on a phishing link. Because you trust the Squarespace domain name, you likely won't check if the email is legitimate. 
• There are high-quality branding elements in the email, like a logo and brand colors. You'll also see a deadline (e.g., in three days your account will be suspended) and a link. You're taken to a fake Squarespace page once you click on the link. 
• By logging in with your email address and password, the scammer records your information and returns an incorrect password notification. 

How to spot them:

• Look for false urgency. Subject lines that say “Final Notice” create panic and will encourage you to take action. But most companies will not send an urgent email if it’s their first contact. 
• Check to see if the logo is pixelated or cut off in different areas of the email. 
• Look for bad grammar and misspelled words. 
• If the email does seem legitimate, make sure the URL on the landing page is from an official domain. 

7. False iCloud update notification

In an iCloud update scam, hackers attempt to hack your Apple ID and password. This information is required to use Apple services such as the App Store, FaceTime, iMessage, and iCloud.

Contact and payment information is also stored in your Apple account. A hacker who gets hold of your ID and password can use it, or sell it on the black market. Your documents, photos, and app history will be available to them. They can even rent and buy movies through your account. 

How false iCloud update scams work:

• You will receive an email that appears to be a real Apple support email, but it's a scam. In the message, you will be told that if you don't act, you won't be able to access your account.
• The scammer in the example above tells the recipient that they will lose access to iCloud, iPhone, or App Store features if they fail to update their information. 
• By clicking the “Sign In and Review” button, you'll be taken to a fake website. Inputting your information on the website will give the hacker access to your accounts.

How to spot them:

• Check the address from which the email was sent. The name may say “Support,” but if you click on the name you’ll see that the address is not from an official Apple account. 
• Look for catchy or mysterious subject lines like “iCloud account limited for security reasons.” — this is a red flag. Apple doesn’t send out emails like that. 
• Be aware of poor design. Notice how the text is aligned to the left on the button in the example above. Apple, a design-focused company, would not send an email with misaligned elements. 

📚 Related: Scammed on Apple Pay? Here's How To Get Your Money Back →

8. Human Resources (HR) survey email scam

‍HR survey email scams come in many forms. The most common tactic is for scammers to pose as a well-known brand and institution, such as UCLA, and ask for your participation in a survey. 

How HR survey scams work:

• You'll be asked for your opinion about "someone you know" for a program or promotion. The sender doesn’t actually care about your opinion — the goal is for you to click on a link that leads to a phony survey website. 
• Once you do, the scammer will record any information that you enter, and can use it to either access other online accounts or sell it on the black market. The link could also launch malware that scrapes sensitive information from your computer. 

How to spot them:

• A survey asks you to provide private data like your Social Security number, credit card information, or bank account information. 
• The message contains bad grammar, misspellings, or weird word choices. Legitimate companies doing polling or seeking feedback edit their messages. 
• The email comes from an unknown or publicly available domain. 
• You don’t know the person about whom they are requesting information. 
• The message is random and unexpected.

9. Google Docs scam

‍In May 2017, a phishing scam known as "the Google Docs worm" spread across the internet, causing havoc for users [*]. Fraudsters stole emails and contact lists from Gmail accounts by impersonating Google Docs through special web apps. This method worked because people believed that the requests came from their friends. 

When recipients granted access, the scam email would automatically be sent to their contacts. Wired’s newer reports show that the scam is still prevalent, despite Google's effort to contain it [*].

How Google Docs scam works:

• If you click on the link, you're taken to a page hosted by Google that lists your Google accounts. You will be asked to choose a Google account and provide access to "Google Docs," a fake third-party app.
• By clicking "Allow," this fake Google Docs app can read your emails and send scam emails to your contacts. The worm will eventually infect everyone who has ever emailed you.

How to spot them:

This is a tough one to spot before falling for it. But you can check the small “Google Docs” link on the Google-hosted page and review the app permissions. The real Google Docs has access to your account by default. If you see an app called “Google Docs,” remove it.

10. USPS phishing email

‍Fraudsters who pose as USPS representatives often claim that your delivery requires a response from you. If you’ve ordered anything online from outside the U.S., your package may get held up in customs. Fraudsters take advantage of this possibility to steal your information. 

How this USPS scam works:

The email will claim to be from USPS, stating that your package cannot be delivered. You'll be asked to update your shipping information after you click on the phishing link. Any data you enter this way will be stolen by scammers.

How to spot them:

• If you are not expecting any packages from USPS, this email is a scam. 
• If the support email address is not from @usps.gov, it is a scam.
• Look for urgency tactics and forceful language such as, “we will return your package if you don’t respond in 48 hours.”
• Check for poor design and logo misuse. 

📚 Related: Change-of-Address Scam: Why Scammers Want Your Address →

11. Fake voicemail notifications

False voicemail notifications are another type of fraudulent email scam. In this scam, fraudsters disguise emails as voicemail notifications, and either download malware on your device or steal your login credentials through a fake website. 

How fake voicemail scams work:

• You download a .wav file and it infects your computer with malware.
• An email includes a fake voice message. Clicking to preview the voicemail leads you to a phishing site. Providing your information could result in the loss of sensitive or financial data, or lead to stolen identity. 

How to spot them:

• If you haven’t signed up to receive voicemails in your email, then messages like this are fraudulent. 
• If there are no links in the email — and just an attachment WAV file — it is a scam.
• Check to see if the sender comes from an unknown source. In this case, the sender name and email don’t match.
• If links in the message do not lead to a reputable domain, it is a scam. 

12. Bogus invoice scam

Bogus invoice scams are becoming more popular among consumers, small businesses, and crypto users. Scammers pose as popular sites to get access to users’ crypto wallets, money, personal data, or account information. 

An example could be a fake PayPal invoice requesting that you pay $35 to the World Health Organization. Or, you may receive an email like the one above — indicating that you paid someone $44.98. 

How bogus invoice scams work:

1. The first type involves an attachment invoice. When you download the attachment, the scammer downloads malware to your computer. 
2. The second type occurs when the email requests that you “confirm the payment” by logging into your account. The website is fake; and once you provide your account information, the scammers have it. 

How to spot them:

• Poor design is a clear giveaway for spotting this scam. The PayPal logo used in the above example looks pixelated. 
• The email opens with “Hello, Customer” — another giveaway. If you are not being addressed by name in the invoice, it is likely a scam.

📚 Related: Scammed on PayPal? Here's What To Do →

13. Email account upgrade scam

Spam campaigns announcing email account upgrades are another type of phishing email. In this scam, the sender poses as a well-known email service provider, like Google or Outlook. The message states that you will lose your email service if you do not upgrade or update your account. 

How email account scams work:

• This email directs recipients to a phishing website that looks just like a sign-in page for an email account. The scammer records your login credentials when you enter them on the webpage. 
• The attackers can then access your email account, steal sensitive information, or sell your data on the Dark Web. Subject lines deliberately elicit urgency  (e.g., "Action Required!") so that you'll open the email. 

How to spot them:

• The email doesn’t address you by name; instead it reads “Dear User” or something similar.
• Words spelled with all-capitalized letters are used to make you fearful. Professional and authentic notifications from email service providers will not shout at you through email.
• The website link is not an official domain. 
• The email contains odd words and misspellings (for example, in the message above: “We are upgrading our E-MAIL database”). A legitimate company wouldn’t write that way.
• The sender's address is not an official email address. 

14. Dropbox phishing email

It’s not uncommon that important documents like contracts and financial records are sent via email. Scammers take advantage of this to deliver malware to unsuspecting users' devices. A common phishing email scam impersonates Dropbox, a popular file-sharing platform. 

How Dropbox phishing scams work:

• The email will look like an official notification from Dropbox. It may match the design, layout, and friendly tone that the file-sharing platform is known for. 
• The message tells recipients that they have a document to review, and they can do so by pressing a call to action (CTA) on the email.
• This takes you to a "Dropbox" website where you download the infected files. 
• By entering your login credentials on the phishing website, the scammer can use your email and password for access to your other accounts such as Facebook, PayPal, or email. 

How to spot them:

• Check the URL behind any button before clicking on it. Only click on links that come from the official Dropbox domain (such as dropbox.com or dropboxmail.com). 
• If you don’t trust a link in the email, go directly to the official login for Dropbox and check your files. 
• If you don’t know who sent you the email, don’t click on any links. 

15. CEO phishing attempt

CEO fraud is a type of spear-phishing in which the scammer impersonates your CEO or another company executive, such as the CFO or Head of HR.

Scammers use the credibility and authority of these people to extract information or money. Employees are unlikely to question a request from their CEO.

How CEO phishing scams work:

• Spoofing: A scammer uses your CEO’s name but a different email address. The email address may seem similar to your company’s domain — but with a few minor differences. The scammer hopes that you won’t notice the fake address and will rush to act. 
• Business Email Compromise (BEC): The scammer uses the CEO’s real name and address in this type of CEO phishing attempt. But, the  reply-to address is different from the sender address — so your response will be sent to the scammer.

How to spot them:

• You receive requests to pay an invoice or make a wire transfer. 
• You are asked to buy an unusual amount of gift cards. 
• You are asked to download an attachment (that will install malware onto your device).
• The request is urgent and has an impending payment deadline.

📚 Related: Can Someone Hack Your Phone With Just Your Number? →

16. Costco phishing scam

In Costco scams, fraudsters use the brand's name and reputation to steal personal information.  They attempt to convince you that you are receiving communications from Costco, a company that you trust.

How Costco phishing emails work:

• A payment request may be included in the emails you receive. To fool you, scammers will use a variety of tactics, including special offers, rewards, and cart abandonment emails. 
• These messages will contain phishing links. Upon clicking on the link, you will be taken to a fake website where you will be asked to enter your sensitive personal information. 

How to spot them:

• You receive unsolicited emails from Costco that ask for personal information. 
• You receive an order confirmation for something you didn’t order from Costco.
• Check who sent the email. If contact links do not end in @costo.com, it is a scam. 
• Be aware of typos and misspellings. 

📚 Related: The 10 Worst Walmart Scams & Fraudulent Schemes of 2022 →

17. Bank scam email

When your bank contacts you, you take note. You may receive an email, text, or phone call from your bank if they detect suspicious activity on your account. 

Cybercriminals take advantage of this by sending you fraudulent emails related to account withdrawals and transactions. Their goal is to obtain sensitive information like your username, password, and account information. 

How bank scams work:

• Bank scam emails work like other phishing schemes. Scammers will impersonate your bank, whether it's Chase, Wells Fargo, Bank of America, or any other financial  institution. 
• The email includes fake transactions or withdrawals made on your account. It is possible for criminals to steal your identity or drain funds from your bank account using the information you provide. 

How to spot them:

• Examine the sender details. What is the sender's email address? Does it come from your bank's official domain? You should not respond to or interact with any messages from an unknown sender. 
• Look for unusual language. Scam emails often contain spelling and grammar errors, as well as unusual formatting, such as ID numbers and exclamation points. 
• If you receive an urgent message asking you to verify your identity or unlock your account, it is probably a phishing attempt. 

18. Fake app purchase prompt

Of the many App Store scams, one to watch out for entails fake app installation or purchase prompts. This is a phishing scam in which someone sends you a fake invoice for an app you supposedly bought. 

How fake app installation scams work:

• An email with the subject line "Successful payment for [some] app" will appear in your inbox. It's probably an app you didn't download, and there's a serial number in the subject line. You click through to find out what payment they are referring to. 
• The email is in plain text, which Apple probably wouldn't send, and there is an “invoice” attached. If you want to view, manage, or cancel the application, you will be asked to open the attached "invoice." The vagueness of the message will lead you to open the attachment to learn more. 
• By opening the attachment, the attacker might install a virus, spyware, or other type of malware on your device. There will also be an option to "Report a Problem." Clicking on the link, however, takes you to a phishing website designed to steal your information. 

How to spot them:

• Your name doesn’t appear in the email’s “To” address. Instead, you’re BCC’d on the email, which means it was a mass email sent to many people. A legitimate payment email would only be sent to you.
• There is no mention of Apple or the App Store in the sender's email address. 
• Read carefully to spot poor grammar and misspellings. 
• The email’s language is impersonal from beginning to end. Scam emails will refer to you as “Dear Customer” and say odd things like, “thank you again for trusting us.” 

19. Advance-fee scam

You probably remember the old Nigerian Prince emails from the 1990s. Also known as 419 fraud, these were among the first examples of email fraud.

Bad actors send emails asking for money through advanced fees and bank drafts. There have been variations of the advance-fee scam over the years, as displayed in the email above from alleged military personnel.

How advance-fee scams work:

• Scammers usually start with an elaborate story to get you emotionally involved. The message appears harmless at first glance, and you rationalize that you're only giving away your address and contact information. But that's already valuable information for a scammer, and it's only the beginning.
• If you respond to the email, the scammer will likely ask you for more information, such as bank account access, in order to deposit or withdraw funds. Scammers may also ask you to pay a fee to make a large transaction possible. 
• The more time that they invest in the correspondence, the more money they will be able to steal. If the victim is unaware, these schemes can go on for months. 

How to spot them:

• You receive a suspicious email from someone claiming to be a diplomat, prince, dignitary, or army official. 
• The scammer promises you a share of a big fortune in exchange for your help. 
• The scammer stresses urgency so that you’ll act quickly.

📚 Related: How To Spot a Military Romance Scam: 17 Warning Signs →

20. Account suspension email

Sending account suspension emails is another popular phishing scam that fraudsters use. They pretend to be from an institution, such as Bank of America, and claim your account has been suspended.

You may also receive these emails from a bank, cell phone provider, or other well-known company like Amazon. 

How account suspension scams work:

• In the message, the scammer will instruct you to click on links for more information about how to reactivate your account. Many of these links contain malware. The scammer asks for personal information, such as your passwords and account numbers.  
• If you click on the link, it could infect your computer, phone, or tablet. If you provide any information, the scammer can hack your account. 

How to spot them:

• The sender’s name and email address may appear legitimate. But look out for extra wording such as “fraud department.” 
• Take note of short and vague subject lines.
• The sender requests your password.

Ready for a Phishing Test? Remember These Signs

There are over three billion phishing emails sent per day [*]. Chances are, if you haven’t seen one yet, you will eventually.

Watch out for these telltale signs in the future:

• Grammatical errors or misspelled words
• Odd URLs not related to an official domain
• Unusual or impersonal salutations
• Urgent or threatening tone
• Unrelated sender name and email address
• Poor-quality logos
• Large CTAs to unfamiliar websites
• Unprompted email attachments
• Direct requests for PII (Personally Identifying Information) via email
• Signs of brand spoofing

Ready for ironclad identity theft protection? Try Aura 14-days free →