AbleToTrain by Willing & Able

Examples of phishing emails

Phishing attacks targeting employees are not only increasing, but also becoming more sophisticated. Here are some examples of the most popular and successful phishing emails.

Fake invoice fraud

Let’s start with arguably the most popular phishing template, the fake invoice technique. Like many phishing attacks, this scam relies on fear and urgency, prompting end users to pay for goods or services that they have not ordered or received. Treasury is an obvious target for this type of attack, but there are many potential victims who can be fooled.

Email account upgrade scam

Given that your account will expire if you don’t take immediate action, the email account upgrade scam seems to come from a trusted email provider such as Microsoft or Google, or just from your company’s IT department. Тhere is nothing malicious in this email. There are no obvious syntax errors or complex queries, and the link itself appears to point to a secure “https” web page to an unprotected user. The text itself often does not represent the true target of the link, so it is useful to hover over the link itself when prompted for personal information.


Perhaps receiving an email from a foreigner asking for your help to regain the trapped amount is a silly excuse for elaborate stories. But don’t be fooled. This scam has been around for some time and there are good reasons for it to work.

Nigerian Phishing Scams emails – scammers offer large sums of money in exchange for your bank information. Not only will you not receive a penny from this friendly prince, you will see some of your money going in the opposite direction.

Google Docs Scam

One of the latest hottest phishing techniques, the Google Docs scam adds a particularly ominous twist because the sender often looks like someone you know.

For this highly sophisticated email, we recommend that you click the link to view the “Documents” and go to almost the same version as your Gmail login page. Once the account is selected, you will be asked to grant access to your Google account, giving the attacker a freehand.

PayPal Scam

With around 200 million users, PayPal is an incredibly lucrative tool for a cyber criminal. PayPal offers fraudsters the chance to take advantage of a platform linked directly to your credit card or bank account.

These emails looks legit and often include the logo, plus a convincing print at the footer of the email. Again, this scam tries to enforce panic mode into its victims, often with a “There`s a problem with your account, please click here to fix it” kind of message. Beware, they also contain legitimatelooking fine print.

HR Scam

We all are got used to trust our HR team, especially when it comes to receiving highly important emails relating to company or personal updates. The problem is, cyber criminals know just how much trust we place in our HR colleagues.

A HR email scam often contains a malicious attachment or link that, once clicked, will install malicious software onto your computer or device. Before clicking Submit, ask your colleague to ask the HR sender directly if your request for personal information is legitimate.

Dropbox Phishing Scams

The same old story of encouraging users to click a link, but using a whole new platform. Dropbox, an online sharing and storage platform, has become very popular in recent years, as has its rogue impersonators.

Dropbox phishing emails usually work by notifying the user of a “file”. The email sent by email is too large and you need to “click this link” to open it. You’re probably already guessing that a fake Dropbox landing page is waiting for you … and you’re right. As you can imagine, this page is actually inside the Dropbox itself and may be patiently waiting for data to be collected.

The Council Tax Scam

The council tax scam is a particularly frustrating attack, as it can use a variety of clever messages that convince you to part ways with your details.

Here are a few more examples of what a fraudulent tax email may contain:

  • It insists you`re in the wrong Council Tax band and are owed back payments on your Council Tax bill, when in fact your band is correct;

  • It says they`re from the local council or Valuation Office Agency (VOA) and ask for your bank details so they can provide a refund;

  • Claim that the VOA charges you to challenge your Council Tax band;

  • Claims that taxpayers must, by law, be represented by an agent to challenge their band.

Password has expired phishing scam

Users are encouraged to click the link in the email with main goal to be directed to a legitimate page (i.e., Facebook) where they are could update their password. But, any credentials entered into this page will be stolen by cybercriminal gangs.

Anomalous Activity Phishing Scams

An attacker could use any app, website, or platform in this malicious manner, whether it’s a bank or Instagram account.

It’s good to know what a phishing scam looks like, but it’s not enough to protect you and your business.

Now that we’ve seen some of the most popular examples of phishing templates, we need to do more to truly protect businesses and users from being victims of growing campaigns. I have. Employees not only see what the most popular scams look like, but also how to find less noticeable signs, report scams, and avoid disclosing valuable information that may be scams. Raising awareness is very important for attackers.