Email Phishing Examples: Spot the Fakes
Updated 26 January 2026
Phishing emails are getting scary good. AI helps scammers write perfect English, copy brand styles pixel-perfectly, and target victims with personalised attacks. Even tech-savvy people get caught.
Quick Verdict
What it usually is: Fake login pages to steal credentials, malware disguised as invoices, or payment redirection scams.
Who gets targeted: Everyone. Business email compromise (BEC) targets companies; credential phishing targets individuals.
Red Flags to Look For
- Sender address doesn't match — "Netflix" but from netflix-billing@mail-service.com
- Generic greetings — "Dear Customer" instead of your actual name
- Urgency and threats — "Your account will be suspended in 24 hours"
- Unexpected attachments — Invoice.pdf.exe, Document.docm, or ZIP files
- Links to wrong domains — Hover (don't click) to see the real URL
- Requests for sensitive info — Passwords, 2FA codes, card numbers
- Too good to be true — "You've won!" or "Unclaimed refund awaiting"
Realistic Examples
The Fake Invoice
Subject: "Invoice #INV-29471 - Payment Overdue"
From: accounts@supplier-invoices.net
Body: "Please find attached your overdue invoice. Pay within 48 hours to avoid legal action."
Reality: The attachment contains malware. If you weren't expecting an invoice, delete it. If unsure, contact the supposed sender through official channels.
The "Unusual Sign-In" Alert
Subject: "Security Alert: New sign-in from Windows device"
From: security@microsoft-account-team.com
Body: "We detected a sign-in from an unusual location. If this wasn't you, click here to secure your account."
Reality: The link goes to a fake Microsoft login page. Real Microsoft alerts come from @microsoft.com. Check by logging in directly at account.microsoft.com.
The Subscription Renewal
Subject: "Your Norton subscription renewed - $449.99 charged"
From: norton-support@renewal-notice.com
Body: "Your annual subscription has been auto-renewed. If you didn't authorise this, call 1800-XXX-XXX immediately."
Reality: They want you to call. The "support" agent will ask for remote access or payment to "cancel". Don't engage — delete and check your bank statement directly.
What to Do Next
- Check the sender's actual email address — Click to expand it. Does it match the company?
- Hover over links — See where they really go before clicking.
- Go direct — Don't click email links. Open your browser and type the official website.
- Never open unexpected attachments — Especially ZIP, EXE, or Office files with macros.
- Forward phishing to the real company — Most have a phishing@company.com address.
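The sender, link and attachment checks from the lists above can be automated for mail you want to triage. The Python below is an added example, not part of the original guide; the BRANDS allowlist, the sample message and its .example link host are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brand -> real domain allowlist; extend it for your own mail.
BRANDS = {"netflix": "netflix.com", "microsoft": "microsoft.com"}
RISKY_EXT = (".exe", ".docm", ".zip")  # attachment types this guide warns about

class Hrefs(HTMLParser):  # collects link targets: what hovering would show
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append(dict(attrs).get("href") or "")

def belongs_to(host, domain):
    # Exact domain or a true subdomain; "microsoft.com.login.example" fails.
    return host == domain or host.endswith("." + domain)

def red_flags(msg):
    name, addr = parseaddr(str(msg["From"]))
    sender = addr.rpartition("@")[2].lower()
    # Brands the display name claims to be, mapped to their real domains.
    claimed = [d for b, d in BRANDS.items() if b in name.lower()]
    flags = [f"sender domain {sender} is not {d}" for d in claimed
             if not belongs_to(sender, d)]
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            flags.append(f"risky attachment {fname}")
        if part.get_content_type() == "text/html":
            parser = Hrefs()
            parser.feed(part.get_content())
            for href in parser.found:
                host = (urlparse(href).hostname or "").lower()
                if claimed and not any(belongs_to(host, d) for d in claimed):
                    flags.append(f"link points to {host}")
    return flags

def sample():
    # Constructed message modelled on this guide's "Unusual Sign-In" example.
    m = EmailMessage()
    m["From"] = "Microsoft Security <security@microsoft-account-team.com>"
    m.set_content('<a href="https://account.microsoft.com.login.example/x">'
                  "Secure your account</a>", subtype="html")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="Invoice.pdf.exe")
    return m
```

To check a saved message, load it with `email.message_from_bytes(raw, policy=email.policy.default)` and pass the result to `red_flags`. An empty list only means none of these three checks fired, not that the message is safe.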
If You Clicked a Link or Opened an Attachment
- Entered credentials: Change the password immediately on the real site. Enable 2FA. Check for password reuse on other sites.
- Opened an attachment: Disconnect from the internet. Run a full antivirus scan. Consider professional help if you suspect ransomware.
- At work: Report to IT immediately. Time is critical for limiting damage.
Frequently Asked Questions
Why does the email look exactly like the real brand?
Scammers copy legitimate emails. Logos, formatting, footers — all cloned. The giveaway is usually the sender address or the link destination.
Can scammers access my email just by me opening their message?
Usually no. Opening an email is relatively safe. The danger is clicking links or opening attachments.
How do they know my name and email?
Data breaches. Your info has probably leaked from at least one service you've used. Check haveibeenpwned.com to see.