6 Phishing Email Examples: How to Spot the Scam

Phishing emails come in many forms, from phony Nigerian princes to IRS impersonators to highly personalized spear phishing attacks. In this article, we’ll show you six phishing email examples, alongside some key pointers on how to spot the scam and protect yourself from phishing attacks.

Example #1: Customer Service Phishing Email

In one of the most common types of phishing scam, the attackers poses as a credible company in hopes their victim will hand over critical information, such as their credit card number. Here’s a real life example:

Example phishing email, claiming to be from Norton

How It Works

Off the bat, this phishing email aims to throw off its readers by putting a sizable charge in front of them: $499 is nothing to laugh at. Their hope is that you’ll react without thinking twice and call up their phony support number.

Once you reach them, I’m sure they’d be happy to offer a full refund – just as soon as you verify your address and credit card number. At that point, they’ve got exactly what they wanted, and can then use your credit card on whatever they want.

How to Spot the Scam

First off, look closely. This email is riddled with errors and inconsistencies, from the “Norton Life lock” capitalization to the $0 in taxes on this purchase. Plus, it was sent from a Gmail address instead of from Norton.com.

What’s more, this email is just begging you to call support. Most companies don’t want you to bother their phone support team, especially not with a refund request. But this email finishes with a big yellow button highlighting their customer support number, followed by two more lines asking you to please contact their customer support team.

Regardless of these red flags, there are a few key things you can do to avoid getting scammed by phishing emails such as this one. Most importantly, you should never click a link or call the number listed in an email. Instead, navigate to Norton’s website so you can look up their official number yourself. You could also verify this email on you own by checking with your bank.

Example #2: Advance Fee Fraud (the “Nigerian prince” and friends)

Advance fee fraud is one of the classic phishing scams. In this type of phishing email, someone you don’t know promises a vast sum of money if you can pay them a lesser amount up front. Take a look:

Dear Friend,

I hope this email finds you well. I write to ask for your aid in remitting a sum of $18.4 million. These funds were awarded as part of a government contract, and I want to safely move them out of my country under your supervision.

My name is Adomas Masiulus and I am the Director of Extraction for the Lithuanian Department of Energy. It is in my power to move this money to a safe destination. All I ask from you is that you safeguard these funds. For your service, you would be eligible to transfer 15% of this money to your own personal accounts.

It is necessary that you handle this business with the highest discretion. Should you do so, the profits described above can be arrived at with a minimum of personal risk.

Kindly reach out to me for further information at a.masiulus@gmail.com.

I eagerly await your reply.


Mr. Adomas Masiulis

How It Works

The con here is pretty straightforward. And the pitch is broad enough that a scammer can easily send it to thousands of people. Most won’t fall for it, but even if 1% of people do, the scam artist can make some money.

Advance fee fraud takes many forms. Watch out for Nigerian princes, government contractors, phony inheritances, unused bank accounts, high yield investments, and other so-called “opportunities”.

How to Spot the Phish

Why would a government contractor or Nigerian prince promise a total stranger such a vast sum of money? If it sounds too good to be true, it probably is. You shouldn’t trust a total stranger with your money and expect to see a dime in return.

If that’s not enough, the email address is a dead giveaway. As we’ll discuss later, an email address alone isn’t enough to trust someone. But a not-very-official gmail.com address is enough to disqualify this one out of hand.

Example #3: Fake Bank Email

One of the most common phishing techniques involves impersonating a bank. Check it out:

"Online Banking Security Alert" phishing example email impersonating Chase Bank.

How It Works

This email looks exactly like one you might receive from your own bank. In this case, the scammer hopes you’ll click the link in their email, which sends you straight to their phony version of the bank’s website. From there, all you have to do is login and you’ve handed over your bank account credentials to a scammer.

How to Spot the Scam

Because this email looks so much like the real thing, it can be a tough one to spot. The email address is a tell here – I sent this example to myself – but you can’t always count on the email address to discern real from fake. Via a technique known as email spoofing, skilled scammers can disguise their email address as anything they want.

That’s why it’s so important you never click the links you receive in unsolicited emails. Instead, navigate to your bank’s website independently, or look up their phone number and give them a call to find out what’s really up.

Example #4: Fake IRS Email

Another common phishing method is to imitate a government entity, such as the IRS or the FBI:

This image has an empty alt attribute; its file name is email-scam-image_1.jpg
Scam email claiming to be from IRS.gov

How it Works

Just like in the previous example, this phishing email is doing everything it can to impersonate the real thing. IRS impersonators usually exploit fear  – if you think you’re going to get audited by the IRS, you might react before you have time to think it through.

How to Spot the Scam

This one’s easy once you know the secret: per IRS policy, the IRS never contacts taxpayers via email, text message, or social media to request personal or financial information. So if you get an IRS email out of the blue requesting any kind of information, it is almost certainly a scammer.

All of the above tips hold true as well. Instead of clicking the link, you should look up the IRS’s official website so you can contact them directly.

Example #5: CEO Fraud Email

When targeting a business, phishing scammers often try to impersonate the CEO. How would you react to the following email?

Hi James – please take care of this invoice for me: https://bit.ly/2P6Akll

No need to reply, I’m on vacation right now. See you when I get back.

– Edgar Halcott
CEO, Bushwhack Industries

How It Works

At most companies, when the boss says something, you do it. If you’re in a position to regularly handle direct requests from the CEO, this might just look like a routine request. Suffice to say, should anyone pay the invoice, the scam artist walks away with the money.

If you don’t normally work directly for the CEO, you might be step up. Remember, a skilled scammer can falsify the “from” line, making it look just like it came from the CEO’s actual email address.

How to Spot the Scam

First of all: as with any request for money or personally identifiable information, take a minute to think before you proceed. You can start with these questions:

  • Who is the person or company in question?
  • Does your company regularly do business with this person or company?
  • Have you handled financial transactions with them before?
  • And is the CEO really on vacation right now?

If you’re not sure about the request, the best way to clarify is to talk to someone else. If you don’t handle business with the company in question, you can talk to the person who does. If you are, you can talk to your contacts at the company in question directly to see whether the invoice is legitimate or not.

Crucially, do not forward this email to anyone else in your organization. If you do, you’re just spreading the scam! Believe it or not, people will still fall for a phishing email if you attach a warning to it.

Hopefully, your company has a clear system in place to report suspected phishing attempts. If need be, you can always show someone the phishing email on your computer or send them a screenshot.

Example #6: Spear Phishing Example Email

Spear phishing is a specific type of phishing, in which the email is highly personalized to aim at a specific target. It usually requires doing some advance research: in this case, they’ve identified that their target has a grandchild visiting China.


I am writing to inform you that your relation, JONATHAN SMITH, has been arrested by the People’s Armed Police Force (中国人民武装警察部队) for the following offenses:

• Subversion
• Defacing a public monument
• Destruction of property of the People’s Republic of China

He is currently being held at Tilanqiao Prison (提篮桥监狱) in Shanghai. We are prepared to free him on the condition of his removal from the country. To do so, we will need $13,500 dollars to pay for damages and deportation expenses.

Please forward this money via the following web portal: https://bit.ly/2P6Akll

–– Yuan Baoquang 王寶強

How It Works

Spear phishing attacks begin with research so that the spear phisher can tailor their email to their target. In this case, because the hypothetical grandchild is in a foreign country, it might not be easy to reach them and verify.

This example also attempts to spark fear in their target, so as to override their better judgement. Many parents and grandparents wouldn’t think twice to help out a family member – and it’s exactly this sentiment that the scam artist cruelly aims to exploit.

How to Spot the Scam

The best way to verify this kind of email is to contact the person in question or another family member. If a grandparent receives the above email, for instance, they can try calling the grandchild, and if they don’t pick up, they can try the kid’s parent. Crucially, think before you act. Do what you can to ensure an email is legitimate before handing over money or personal information.

For more examples, see our full article on Spear Phishing Email Examples.

How to Protect Yourself From Phishing Attacks

The best way to protect yourself from phishing attacks is to avoid clicking on links in unsolicited emails or handing over any sensitive information via email. As a baseline, you cannot simply trust an email sender is who they claim to be.

You might think to check the sender’s email address. But through a technique known as email spoofing, a scam artist can make it look like the email came from an address of their choosing. Check it out:

An spoofed email example, showing how a scammer can fake the from line on an email address.

This email obviously didn’t come from George Washington, or from the domain whitehouse.gov. But in a matter of minutes, I was able to send this email that appears to come from the first U.S. President.

Finally, many phishing emails rely on the old social engineering trick of exploiting their target’s emotions. If an email makes your blood pressure suddenly spike, that’s a good sign you should take a deep breath and make sure the email is legitimate before taking any kind of action.

For more information, see our Definitive Guide to Phishing.

About the Author

Find Michael on LinkedIn

Michael X. Heiligenstein

Michael X. Heiligenstein is the founder and editor-in-chief of the Firewall Times. He has six years of experience in online publishing and marketing. Before founding the Firewall Times, he was Vice President of SEO at Fit Small Business, a website devoted to helping small business owners. He graduated from the University of Virginia with a degree in English and History.