選單
中文 (繁體)

Phishing email examples

Phishing is a type of online scam used by criminals to extract sensitive information: first and last names, account passwords, and bank card codes. Scammers pose as well-known brands, companies, or trusted individuals and send messages under their names via email, SMS, or social media. Clicking on bogus links or downloading infected files often leads to fraudsters gaining access to users’ personal information.

Phishing emails typically work by exploiting human trust and urgency to trick recipients into revealing personal information or downloading malicious software. These emails often mimic reputable organizations, using logos, language, and sender addresses that look authentic. The message usually contains an alarming or enticing prompt — such as a security alert, account suspension, or an attractive offer — to create a sense of urgency. This leads the recipient to click on a link directing them to a fraudulent website, where they're asked to enter sensitive details like passwords, credit card numbers, or other private data. Some phishing emails also include attachments, which can install malware or spyware on the user’s device when opened.

How to identify phishing emails

Phishing emails are designed to trick you into revealing sensitive information, such as passwords or financial details, by posing as legitimate organizations. To protect yourself from phishing attacks, it's important to recognize common warning signs:

  • Suspicious sender address: Phishing emails often come from email addresses that look unusual or slightly altered. A legitimate company would typically use a professional domain (e.g., support@paypal.com), but phishing emails may use something like support@pay-pal.com or a random, unrelated domain.

  • Urgent or threatening language: Phishers frequently try to create a sense of urgency or fear to compel you to act quickly. Phrases like “Your account has been compromised!” or “You must take action now or lose access!” are red flags.

  • Unsolicited attachments: Legitimate companies rarely send attachments out of the blue, especially ones you haven’t requested. Phishing emails may include attachments that, once downloaded, can install malware on your device.

  • Strange links: Phishing emails often include links that appear legitimate at first glance but redirect to malicious sites. Hover your mouse over a link to preview the destination URL without clicking it. If the link looks suspicious or doesn't match the official website of the company, do not click it.

  • Grammatical errors and poor formatting: Many phishing emails are poorly written, containing noticeable spelling and grammatical mistakes. Reputable companies typically take care to ensure that their communication is professional and error-free.

  • Requests for sensitive information: Legitimate companies will never ask you to share personal or financial information (like your passwords, Social Security number, or credit card details) via email. If you receive such a request, it’s almost certainly a phishing attempt.

  • Too-good-to-be-true offers: Be cautious of emails that offer unrealistically good deals or prizes, especially if you didn’t sign up for any contest. Scammers often use enticing offers to lure you into clicking on malicious links.

13 phishing email examples

Let’s look at the most common examples of phishing emails and list some of the ways to spot them.

Urgent action required

Phishing email example: "Your account will be suspended if you do not update your information immediately. Click here: [link]."

How to spot it:

  • Urgency: The email urges you to act quickly by claiming that your account is in danger of being suspended.

  • Emotional manipulation: By instilling fear, it pushes recipients to make hasty decisions.

  • Suspicious links: The link leads to a malicious website designed to steal personal information for identity theft.

Fake invoice

Phishing email example: Invoice #12345 for [amount] is past due. Pay now to avoid late fees. Click here: [link].

How to spot it:

  • Urgency and pressure: The email falsely claims a payment is overdue and threatens late fees to encourage quick action.

  • Generic information: The email often uses round invoice numbers and amounts and lacks personalization. If the invoice does not include the recipient's name, uses generic forms of address such as "Dear Customer" or "Dear User," or includes very little detail, this all can be a sign that the message may have been sent in bulk without regard to the relevant data.

  • Suspicious links: Clicking on the link takes you to a malicious website designed to steal payment information or install malware.

Password reset

Phishing email example: "You have requested a password reset. Click here to reset your password: [link]." or "Your password has recently been changed. Click here to view the changes: [link]."

How to spot it:

  • False claim: The email states that a password reset has been requested, even though the recipient has never made such a request.

  • Urgency: Urges the recipient to act quickly to protect their account.

  • Suspicious links: The link takes the recipient to a spoofed login page designed to steal credentials.

Lottery win

Phishing email example: "Congratulations! You've won the lottery! Claim your prize by clicking here: [link]."

How to spot it:

  • Exciting offer: The email claims you've won a lottery you never entered, using excitement to lower your guard.

  • Urgency to claim: Urges you to act quickly to claim your "prize," causing you to click without thinking.

  • Suspicious links: The link often leads to a bogus page that asks for personal information or payment of fees.

  • Too good to be true: Offers that sound too good to be true are usually fraudulent.

  • Suspicious sender: The email often comes from an unknown or suspicious email address.

Securing social media account

Phishing email example: "Someone is trying to access your account. Click here to secure your account: [link]."

How to spot it:

  • Fear tactic: The email falsely claims that someone is trying to access your social media account, causing alarm.

  • Urgency to act: Urges immediate action to "secure" your account, prompting a hasty response.

  • Suspicious links: The link takes you to a fake login page designed to steal your username and password.

  • Lack of personalization: The message may not address you by name, a common phishing red flag.

  • Suspicious URL: Hovering over the link may reveal a domain that doesn't match the official social media site.

Fake shipping notification

Phishing email example: "Your order has been shipped. Click here to track your package: [link]."

How to spot it:

  • Deceptive appearance: The email mimics a legitimate shipping or retail notification, making it easy to fall for.

  • Urgency to act: Suggests that your package is on its way and urges you to act quickly and click the tracking link.

  • Suspicious links: The link takes you to a malicious website where attackers collect personal or financial information.

  • Lack of personalization: The email may not reference your name, order number, or specific details, raising suspicion.

  • Suspicious URL: Hovering over the link often reveals a website address that doesn't match the official shipping company or retailer.

Job offer

Phishing email example: "Congratulations! You've been selected for an employment opportunity. Click here to learn more: [link]."

How to spot it:

  • Excitement tactic: The email uses a congratulatory message about a job opportunity to create excitement and grab the recipient's attention.

  • Urgency to act: Encourages immediate action to "learn more" about the job opportunity, pushing the recipient to click on the link without verifying its authenticity.

  • Suspicious links: The link leads to a fake job board or company website designed to collect personal information such as your resume, contact details, or even financial information under the guise of processing your application.

  • Lack of personalization: The email may not address you by name or include specific details about the job that are typical of real job offers.

  • Suspicious URL: Hovering over the link often reveals a URL that doesn't match the official domain of the purported company or job board, indicating a potential scam.

Fake tech support

Phishing email example: "Warning! Your computer has been infected with a virus. Click here to download antivirus software: [link]."

How to spot it:

  • Create panic: The message creates a sense of urgency and fear by warning that your computer is infected, and urges you to act quickly without verifying the claim.

  • Call to action: The email or popup encourages you to click a link to "download antivirus software," urging you to take immediate action.

  • Suspicious links: The provided link takes you to a fake tech support page or prompts you to download malicious software disguised as legitimate antivirus software.

  • Impersonal approach: The message may not address you personally or provide specific details about your computer, which is unusual for genuine tech support communications.

  • Suspicious URL: Hovering over the link often reveals a URL that doesn't match the official website of the purported tech support company, indicating a potential scam.

Fake customer service

Phishing email example: "We need to update your customer information. Click here to provide your information: [link]."

How to spot it:

  • Tactic of authority: The email pretends to be from customer service, implying that it's coming from a trusted source to get you to comply.

  • Urgency to act: The message urges you to update your information immediately, creating a sense of urgency to prompt a quick response without verifying authenticity.

  • Suspicious links: The link takes you to a fraudulent site designed to collect sensitive information such as login credentials, payment details, or personal information under the guise of updating your customer profile.

  • Lack of personalization: The email may not address you by name or reference specific details about your account, a common red flag in phishing attempts.

  • Suspicious URL: Hovering over the link reveals a web address that doesn't match the company's official domain, suggesting it's part of a phishing scam.

Fake delivery update

Phishing email example: "Your package has been delayed. Please click here to update your shipping address: [link]."

How to spot it:

  • Posing a problem: The email presents a problem with delivery, creating a sense of inconvenience that makes the recipient want to resolve it quickly.

  • Urgency to act: By implying that delivery is delayed, the email urges immediate action to update the delivery address, pressuring the recipient to click on the link without verifying the source.

  • Suspicious links: The link leads to a fraudulent website designed to steal personal and financial information, such as your address, payment details, or even passwords, under the guise of resolving delivery issues.

  • Lack of personalization: The email may lack specific details about the package, such as a tracking number or the name of the delivery company, which is typical of phishing scams.

  • Suspicious URL: Hovering over the link usually reveals a suspicious or unofficial web address, often unrelated to a legitimate shipping or delivery service.

Fake social media notification

Phishing email example: "Your friend has tagged you in a photo. Click here to see it: [link]."

How to spot it:

  • Curiosity tactic: This type of email preys on the recipient's natural curiosity about being tagged in a photo, encouraging them to click without hesitation.

  • Urgency to act: The promise of a new social media notification entices users to act quickly and click on the link before considering whether it's legitimate.

  • Suspicious links: The link typically redirects to a fake login page or a malicious site designed to steal login credentials, personal information, or even install malware on your device.

  • Lack of personalization: The email may not mention the name of the friend who supposedly tagged you, making it more generic — a common sign of phishing.

  • Suspicious URL: Hovering over the link usually reveals a non-social media domain, signaling that it's part of a phishing scheme designed to exploit users' social media habits.

Prize scam alert

Phishing email example: "You have won a prize! Click here to claim it: [link]."

How to spot it:

  • Excitement tactic: This message preys on the excitement of winning something in a lottery, giveaway, or in an online game, encouraging users to click the link out of eagerness to claim their prize.

  • Urgency to act: By suggesting that you've won something, it creates a sense of urgency that encourages users to click quickly without verifying the email's legitimacy.

  • Suspicious links: The link often takes users to a phishing site designed to harvest personal information, or it could lead to a download that installs malware on the device.

  • Lack of personalization: The notification may lack specific details about the alleged game, lottery, giveaway, or about the supposed prize, which is a red flag for phishing attempts.

  • Suspicious URL: Hovering over the link usually reveals a suspicious or unrelated domain, indicating that the link is not truly associated with the event.

Fake account verification email

Phishing email example: "Verify your account by clicking here: [link]."

How to spot it:

  • Curiosity tactic: The email creates a sense of importance around verifying an account, encouraging users to click the link to avoid potential problems with their account.

  • Urgency to act: By suggesting that verification is necessary, it encourages users to act quickly without considering the legitimacy of the email.

  • Suspicious links: The link may lead to a fake verification page that steals login credentials or personal information when users enter their details.

  • Lack of personalization: The email may not include specific details about the user's account or how it's related to the verification request, a common indicator of phishing.

  • Suspicious URL: Hovering over the link typically reveals an inauthentic domain, signaling that this is a phishing attempt designed to trick users into revealing sensitive information.

Conclusion

Phishing emails are becoming increasingly sophisticated, making it harder for users to spot these scams. By examining common examples such as fake prize notifications, fraudulent password change alerts, and deceptive account verification requests, you can learn to recognize red flags such as suspicious links, generic greetings, and urgent calls to action. Being aware of phishing tactics and practicing safe online habits is essential to protecting your personal information. Remember, always verify the legitimacy of an email before clicking on links or providing sensitive information, and report suspicious emails to help combat cyber threats.

喜歡這篇文章嗎?
19,274 19274 使用者評論
極好的!

AdGuard for Windows

Windows 版 AdGuard 不只是廣告封鎖程式,它是集成所有讓您享受最佳網路體驗的主要功能的多用途工具。其可封鎖廣告和危險網站,加速網頁載入速度,並且保護兒童的線上安全。
透過下載該程式,您接受授權協定的條款
閱讀更多
19,274 19274 使用者評論
極好的!

AdGuard for Mac

Mac 版 AdGuard 是一款獨一無二的專為 MacOS 設計的廣告封鎖程式。除了保護使用者免受瀏覽器和應用程式裡惱人廣告的侵擾外,應用程式還能保護使用者免受追蹤、網路釣魚和詐騙。
透過下載該程式,您接受授權協定的條款
閱讀更多
19,274 19274 使用者評論
極好的!

AdGuard for Android

Android 版的 AdGuard 是一個用於安卓裝置的完美解決方案。與其他大多數廣告封鎖器不同,AdGuard 不需要 Root 權限,提供廣泛的應用程式管理選項。
透過下載該程式,您接受授權協定的條款
閱讀更多
19,274 19274 使用者評論
極好的!

AdGuard for iOS

用於 iPhone 和 iPad 的最佳 iOS 廣告封鎖程式。AdGuard 可以清除 Safari 中的各種廣告,保護個人隱私,並加快頁面載入速度。iOS 版 AdGuard 廣告封鎖技術確保最高質量的過濾,並讓使用者同時使用多個過濾器。
透過下載該程式,您接受授權協定的條款
閱讀更多
19,274 19274 使用者評論
極好的!

AdGuard 內容阻擋器

AdGuard 內容阻擋器將消除在支援內容阻擋器技術之行動瀏覽器中的各種各類廣告 — 即 Samsung 網際網路和 Yandex.Browser。雖然比 AdGuard for Android 更受限制,但它是免費的,易於安裝並仍提供高廣告封鎖品質。
透過下載該程式,您接受授權協定的條款
閱讀更多
19,274 19274 使用者評論
極好的!

AdGuard 瀏覽器擴充功能

AdGuard 是有效地封鎖於全部網頁上的所有類型廣告之最快的和最輕量的廣告封鎖擴充功能!為您使用的瀏覽器選擇 AdGuard,然後取得無廣告的、快速的和安全的瀏覽。
19,274 19274 使用者評論
極好的!

AdGuard 助理

AdGuard 桌面應用程式的配套瀏覽器擴充功能。它為瀏覽器提供了自訂的元件阻止的功能,將網站列入允許清單或傳送報告等功能。
19,274 19274 使用者評論
極好的!

AdGuard DNS

AdGuard DNS 是一種不需要安裝任何的應用程式而封鎖網際網路廣告之極簡單的方式。它易於使用,完全地免費,被輕易地於任何的裝置上設置,並向您提供封鎖廣告、計數器、惡意網站和成人內容之最少必要的功能。
19,274 19274 使用者評論
極好的!

AdGuard Home

AdGuard Home 是一款用於封鎖廣告 & 追蹤之全網路範圍的軟體。在您設置它之後,它將涵蓋所有您的家用裝置,且為那您不需要任何的用戶端軟體。由於物聯網和連網裝置的興起,能夠控制您的整個網路變得越來越重要。
19,274 19274 使用者評論
極好的!

AdGuard Pro iOS 版

除了在 Safari 中之優秀的 iOS 廣告封鎖對普通版的用戶為已知的外,AdGuard Pro 提供很多功能。透過提供對自訂的 DNS 設定之存取,該應用程式允許您封鎖廣告、保護您的孩子免於線上成人內容並保護您個人的資料免於盜竊。
透過下載該程式,您接受授權協定的條款
閱讀更多
19,274 19274 使用者評論
極好的!

AdGuard for Safari

自 Apple 開始強迫每位人使用該新的軟體開發套件(SDK)以來,用於 Safari 的廣告封鎖延伸功能處境艱難。AdGuard 延伸功能可以將高優質的廣告封鎖帶回 Safari。
19,274 19274 使用者評論
極好的!

AdGuard Temp Mail

免費的臨時電子郵件地址產生器,保持匿名性並保護個人隱私。您的主收件匣中沒有垃圾郵件!
19,274 19274 使用者評論
極好的!

AdGuard Android TV 版

Android TV 版 AdGuard 是唯一一款能封鎖廣告、保護隱私並充當智慧電視防火墻的應用程式。取得網路威脅警告,使用安全 DNS,並受益於加密流量。有了安全性和零廣告的使用體驗,使用者就可以盡情享受最喜愛的節目了!
已開始下載 AdGuard 點擊箭頭所指示的檔案開始安裝 AdGuard。 選擇"開啟"並點擊"確定",然後等待該檔案被下載。在被打開的視窗中,拖曳 AdGuard 圖像到"應用程式"檔案夾中。感謝您選擇 AdGuard! 選擇"開啟"並點擊"確定",然後等待該檔案被下載。在被打開的視窗中,點擊"安裝"。感謝您選擇 AdGuard!
在行動裝置上安裝 AdGuard