phishing

Phishing Examples & Simulations

Learn to spot phishing attacks by studying real-world examples. Understand the tactics attackers use and how to defend against them.

warning

These are educational examples. Never click links or enter credentials on real phishing emails.

Common Phishing Attack Types

Phishing comes in many forms. Learn to recognize each type.

key

Credential Harvesting

Fake login pages designed to steal usernames and passwords. Often impersonates Microsoft, Google, or banking sites.

trending_up Most common attack type
person

Business Email Compromise (BEC)

Attackers impersonate executives or vendors to trick employees into wire transfers or sharing sensitive data.

attach_money Highest financial impact
target

Spear Phishing

Highly targeted attacks using personal information to appear legitimate. Often targets specific individuals or roles.

person_search Highly targeted
attach_file

Malware Delivery

Emails with malicious attachments or links that install ransomware, keyloggers, or other malware.

bug_report Often uses Office docs
qr_code

Quishing (QR Code Phishing)

Malicious QR codes in emails or documents that lead to phishing sites when scanned.

trending_up Growing rapidly
sms

Smishing (SMS Phishing)

Phishing via text message. Often impersonates banks, delivery services, or government agencies.

smartphone Bypasses email filters

Phishing Email Examples

Study these examples to sharpen your detection skills.

Credential Harvesting High Risk
From: Microsoft 365 <no-reply@m1cr0s0ft-365.com>
Subject: Your account will be suspended

Your Microsoft 365 subscription has expired. Click below to update your payment method within 24 hours or your account will be permanently deleted.

Update Payment

Red Flags:

  • • Suspicious domain: m1cr0s0ft-365.com
  • • Urgency and threat (24 hours)
  • • Generic greeting
Business Email Compromise High Risk
From: John Smith <john.smith@company-corp.com>
Subject: Urgent - Wire Transfer Needed

Hey, I need you to process a wire transfer for a confidential acquisition. Can you handle this today? I'm in meetings all day so email only please.

Thanks, John

Red Flags:

  • • Lookalike domain: company-corp vs company
  • • Urgency and secrecy requests
  • • Request to avoid phone verification
Credential Harvesting Medium Risk
From: DHL Express <delivery@dhl-tracking-info.com>
Subject: Package delivery failed - Action required

We attempted to deliver your package but no one was available. Please confirm your address to reschedule delivery.

Reschedule Delivery

Red Flags:

  • • Non-official domain
  • • No tracking number provided
  • • Generic - no specific package details
Spear Phishing High Risk
From: IT Helpdesk <support@1t-helpdesk.com>
Subject: Password expiration notice

Hi [Your Name], Your password expires in 2 hours. Click here to reset it now to avoid losing access to your account and files.

Reset Password

Red Flags:

  • • Spoofed sender: 1t vs IT
  • • Extreme urgency (2 hours)
  • • External domain for internal IT

How to Spot Phishing

link

Check URLs

Hover over links before clicking. Look for misspellings and suspicious domains.

schedule

Question Urgency

Legitimate requests rarely demand immediate action with threats.

email

Verify Sender

Check the actual email address, not just the display name.

call

When in Doubt, Call

Contact the sender directly using a known number to verify.

Test Your Team's Phishing Awareness

Run realistic phishing simulations and see who needs additional training.

calendar_month Schedule Demo Back to Resources