What is a phishing email attack?
A phishing email attack is one of the most popular types of phishing attacks. In this scam, a cybercriminal sends you a fake email that appears to come from a trusted source, such as your bank or an online service. Scammers use these emails to try to trick you into sharing personal information like passwords, credit card numbers, or other sensitive data.
As you’ll see in the examples below, phishing emails often look so real that it's hard to tell them apart from legitimate communications. The scammer may ask you to click a link or download an attachment. If you do, they could steal your information or infect your computer with malware.
Phishing email examples
To help you spot phishing attempts, we've compiled 15 real phishing email examples that may end up in your inbox. By knowing what these phishing emails look like, you can better protect yourself from these and similar scams.
Common email phishing examples include:
Fake Google Docs updates
In a Google Docs phishing scam, a cybercriminal sends an email claiming that someone — often a person you know — has shared a document with you. The email urges you to click a link to view it, but the link leads to a fake Google Docs login page designed to steal your account credentials. Were you expecting a document from this person? If not, it’s probably a scam.
PayPal scams
In a PayPal scam, you might receive an email claiming you have a problem with your account, such as unauthorized activity or a payment failure. The message will urge you to click a link to log in and resolve the problem immediately. The link likely leads to a fake PayPal website, designed to steal your login details the moment you enter them.
Fake support scams
In fake support scams, cybercriminals send phishing emails posing as customer support from well-known companies like Google. They may warn you about a security breach, a virus on your device, or an urgent account issue that needs immediate attention. Some scammers go even further by asking you to download malicious software that secretly gives them control of your device.
IRS or tax refund scams
IRS or tax refund phishing emails claim you’re owed money, making it seem like a lucky break. These emails urge you to click a link and enter your personal details to claim the refund. In reality, scammers use this tactic to steal your sensitive information by capturing your login credentials or banking details.
Fake CEO scams
In fake CEO phishing attacks, scammers pose as executives and send urgent emails to employees, often in finance or HR. They use nearly identical email addresses and pressure recipients to make quick payments or share sensitive data.
A typical message might say, “Process this now. I’m in a meeting, so don’t call — just confirm when done.” These scams exploit trust and authority, making employees rush to comply for fear of delays or mistakes.
Fake Apple iCloud security updates
A fake Apple iCloud security update email appears to be from Apple and warns that your account needs urgent attention. It typically includes a link to a fraudulent login page designed to steal your credentials. Watch for red flags like spelling errors, unusual fonts or text colors, unfamiliar sender addresses, or requests for sensitive information.
Unusual activity alerts
In an unusual activity scam, you receive an email warning that someone tried to access your account. It urges you to click a link to secure it immediately. While the email may seem alarming, the link actually leads to a fake login page designed to steal your credentials.
Scammers rely on panic and urgency to make you act without thinking. Before clicking anything, take a breath — check the sender’s email address, look for generic wording, and verify your account status by going directly to the official website.
Suspended account scams
In a suspended account scam, a phishing email claims that your account has been suspended due to a security issue or policy violation. It urges you to click a link to restore access, but the link leads to a phishing site. If you receive an email like this, don’t rush to act. Most legitimate companies won’t suspend your account without prior notice.
Account deactivation scams
In an account deactivation scam, you receive an email warning that your account will be deactivated unless you provide information and do it fast. Scammers use fear and urgency to trick you into handing over your sensitive data. If you weren’t expecting this email or the message seems rushed and vague, don’t engage with the sender — report the email instead.
Fake invoice scams
In a fake invoice scam, you receive an email claiming you’ve been charged for a product or service you never purchased. The sender hopes you will panic and pressures you to contact support to dispute the charge and request a refund.
Once you engage, the scammer may ask for your banking details to “process” the refund, trick you into providing login credentials, or direct you to a fake payment portal designed to steal your information.
DocuSign phishing scams
In a DocuSign email scam, you receive an email claiming someone has sent you a document to sign. Since DocuSign is commonly used for contracts and agreements, scammers rely on you clicking without thinking twice.
If you weren’t expecting a document, don’t reply or click on any links or attachments. If you were, verify the sender’s email address and confirm with them through another form of communication.
Unknown purchase scams
In an unknown purchase phishing scam, you receive an email claiming you were charged for something you never bought. It might say you ordered an expensive item or subscribed to a service and include a suspicious PDF attachment, supposedly to show what you purchased.
Scammers hope you panic and open the attachment without thinking, which can result in downloading malicious software. As with other phishing email examples, if you receive an email like this, don’t rush. Instead, check your bank account directly through the official website or app rather than clicking on any links or attachments. Most likely, you won’t see any charge and will realize the email is a scam.
Account upgrade notifications
Account upgrade phishing emails claim your account has been upgraded to a premium or business plan — sometimes with a surprise charge. The email might say you need to pay a fee upfront to unlock new features or even promise a reimbursement of a larger amount once you complete the payment.
Social media requests
In a social media scam, you receive a message from someone posing as a friend, colleague, or even a support team member. They might ask you to click a link, open an attachment, or confirm a password reset request you never made. Many social media scams, including Facebook phishing emails, follow similar tactics.
If you weren’t expecting a password change or the request seems unusual, don’t click anything. Instead, verify directly with the person or check your account security settings through the official website.
Fake job offers
In a job offer scam, the scammer might thank you for applying for a position you don’t remember and then suggest a different, higher-paying role. Some emails claim your skills are “a perfect match” without mentioning any specifics.
Others may offer an easy remote job but require you to share personal information or pay upfront for training, materials, or a background check. If a job offer lands in your inbox out of nowhere, promises big money with little effort, or asks for payment, it’s a red flag. Legitimate employers don’t charge you to get hired.
Common types of phishing attacks
Phishing attacks come in many forms, each designed to steal personal information, spread malware, or compromise networks. Scammers often use multiple tactics to increase their chances of success.
For example, technical support scams often involve voice phishing to trick victims over the phone, combined with brand spoofing to make their calls seem legitimate by impersonating well-known companies like Microsoft, Apple, or Google.
They may also direct victims to phishing websites, use email follow-ups, or even employ scare tactics to create urgency. Recognizing common phishing methods can help you avoid these scams before they cause harm.
Spear phishing
Spear phishing is a highly targeted phishing attack aimed at a specific person or organization. Unlike general phishing emails sent to many people, spear phishing emails feel much more personal. Attackers may use your name, job title, or company details to make the message seem legitimate.
For example, you might receive an email from someone pretending to be your boss, asking you to send confidential documents or wire money. Because the email looks familiar and urgent, it’s easy to fall for the trap.
Business email compromise (BEC)
In a BEC attack, scammers impersonate executives, employees, or business partners to trick companies into transferring money or sharing sensitive data. These emails often look urgent and convincing, pushing employees to act quickly without verifying details.
For example, a scammer might impersonate a CEO and email a finance department employee, urgently requesting a wire transfer. Always verify financial or sensitive requests through a direct call or an official company communication channel.
Vishing (voice phishing)
Vishing, or voice phishing, happens over the phone instead of email. Scammers call pretending to be from banks, tech support, or even government agencies, trying to trick you into sharing sensitive information. They often create a sense of urgency, claiming your bank account is at risk or that you owe money.
A common example is a scammer pretending to be from your bank and asking you to verify your account details to prevent fraud. If someone unexpectedly calls you asking for personal information, hang up — it’s scammers. To ensure you’re in no trouble, contact the company directly using an official number.
Smishing (SMS phishing)
Smishing is a type of phishing that occurs through text messages. In smishing attacks, scammers send fake messages that look like they’re from banks, delivery services, or online accounts. These messages usually contain a link that leads to a fake website designed to steal your login credentials.
For example, you might receive a text saying, "Your bank account has been locked. Click here to restore access." The link leads to a fake banking page where scammers collect your details. Always be wary of unexpected texts with urgent requests and never click on suspicious links.
Pharming
Pharming is a type of phishing attack that redirects you from a legitimate website to a fake one without you realizing it. Unlike other phishing methods that rely on tricking you into clicking a fake link, pharming manipulates website traffic, making even careful users vulnerable.
For example, you might type in your bank’s web address correctly, but due to a compromised system, you’re redirected to a fraudulent site that looks identical to the real one. Always check for HTTPS and a secure padlock icon in your browser before entering any login information.
Brand spoofing
Brand spoofing happens when scammers impersonate well-known brands to trick users into providing personal information. They may send fake emails, create copycat websites, or even run scam ads to steal login credentials or payment details.
A common example is an email pretending to be from Amazon, saying your account has an issue and asking you to log in. The link leads to a fake login page where scammers capture your username and password.
How to spot phishing emails
Phishing emails can be sneaky, but most follow predictable patterns. Look for these telltale signs to identify a phishing email:
- Suspicious sender address. Scammers often use email addresses that look real but contain small changes. For example, you might receive an email from "support@amaz0n.com" instead of "support@amazon.com" — the "o" swapped for "0" is a classic phishing trick.
- Urgent or threatening language. Phishing emails try to make you panic so you act without thinking. You might get an email saying, "Urgent: Your account will be closed in 24 hours unless you verify your identity now." Scammers use fear to push you into clicking a link or sharing personal details.
- Generic greetings. Legitimate companies usually address you by name, while phishing emails often start with vague greetings like "Dear customer" or "Dear user." A fake PayPal email, for example, might say "Dear valued member" instead of using your real name — a generic greeting that suggests it’s a mass email sent to many people.
- Unusual attachments or links. Unexpected attachments or links in emails are major red flags. A fake Microsoft support email might include an attachment called "Invoice_2025.zip" — but if you never requested an invoice, it’s likely malware. Similarly, a scammer posing as your bank might include a link to verify your account, which actually leads to a fake page designed to steal your login credentials.
- Request for personal information. Legitimate companies never ask for sensitive details like login details or Social Security numbers via email. If you get an email from your "bank" asking you to "confirm your account number and PIN" by replying, it’s a scam.
- Spelling and grammar mistakes. Poor grammar and awkward phrasing are common in phishing emails. A fake streaming service email might say, "We have a trouble with your billing information. Please update your information to continue enjoy your services." These mistakes are a clear sign the email isn’t from a legitimate company.
How to protect yourself from phishing email attacks
Phishing emails can be convincing, but don’t let scammers fool you. By staying alert and following a few key precautions, you can keep your personal and financial information safe. Follow the tips below to learn how to prevent phishing attacks.
Be cautious with emails
Treat unexpected emails with caution, even if they seem to come from a trusted source. Scammers often disguise phishing emails as urgent messages from banks, delivery services, or tech support. If an email pressures you to act fast, take a moment to think — real companies don’t rush you into making decisions.
Verify with the source
If an email asks for sensitive information or includes an unusual request, contact the company directly. Don’t reply to the email or use any phone numbers or links it provides. Instead, visit the official website or call customer support using a verified number.
Use security software
Install reliable antivirus and anti-phishing software to block phishing emails before they reach your inbox. NordVPN’s Threat Protection Pro™ is an anti-phishing solution that automatically scans URLs while you’re browsing and blocks phishing sites before they can cause harm. It also includes a malware scanner to protect you against malware infections.
Enable multi-factor authentication (MFA)
Multi-factor authentication (MFA) adds an extra layer of security by requiring an additional authentication step — like a one-time code sent to your phone — before you can log in. Even if a hacker steals your password, they won’t be able to access your account without this second factor. Enable MFA on all important accounts, especially for email and banking.
Use a VPN
A VPN encrypts your internet connection, keeping your data private and secure, especially on public Wi-Fi. However, a VPN alone won’t protect you from fake websites and phishing if you click on a malicious link. If you use NordVPN with a plan beyond the basic one, you also gain access to Threat Protection Pro™, which blocks harmful phishing sites when opened, reducing the risk of falling for scams.
Avoid clicking on links or downloading suspicious attachments
Phishing emails often contain links that lead to fraudulent websites or malicious attachments that install malware on your device. If you weren’t expecting an email with a link or file, don’t click it. Hover over links to see the real URL before clicking and only download attachments from trusted sources.
Additionally, learn which email attachments are safe to open and which are not. Avoid opening attachments containing extensions, such as .iso, .exe, .zip, .rar, .dmg, .doc, .ppt, or .xls. Files that end in .text are generally safe. If you’ve clicked on a phishing link, take action immediately. Disconnect from the internet, scan your device for malware, and change any compromised passwords to prevent further damage.
Report phishing attempts
If you receive a phishing email, don’t just delete it — report it. Most email providers have a “Report phishing” option to help filter out scams. You can also report phishing attempts to your bank, workplace, or government agencies that track online fraud.
Conclusion
Phishing attacks are a growing threat, with scammers increasingly using various phishing techniques to steal personal information. To stay safe, watch for suspicious sender addresses, urgent or threatening messages, generic greetings, unexpected attachments, and requests for personal details.
Some examples of phishing emails include fake PayPal alerts about account issues, IRS refund scams promising money you never requested, and suspicious activity warnings designed to create panic. Scammers also use fake job offers and account suspension notices to steal login credentials or financial details. These messages often look legitimate, making it crucial to verify any unexpected requests.
Protect yourself by staying informed and avoiding links or attachments from unknown sources. Use tools like NordVPN’s Threat Protection Pro™, enable MFA, and report phishing attempts to the relevant authorities. A cautious approach can help keep your personal and financial information safe.
Online security starts with a click.
Stay safe with the world’s leading VPN
