Real Phishing Examples
Annotated examples showing the tactics and red flags in actual phishing attacks.
Learning from Real Attacks
The best way to recognize phishing is to study real examples. Below are common phishing patterns with analysis of how they attempt to deceive victims.
Example 1: Banking Login Phishing
Attack Pattern
The victim receives an email claiming suspicious account activity and urging an immediate login to verify the account.
Red Flags
- Sender domain – Email comes from "security-alerts.bank-name.com", not the real bank domain
- Urgency – "Your account will be suspended in 24 hours"
- Link mismatch – Displayed link shows bank.com but actually points to an attacker domain
- Generic greeting – "Dear Customer" instead of actual name
Example 2: Microsoft 365 Credential Harvest
Attack Pattern
The email claims a shared document requires login. The link leads to a fake Microsoft login page.
Red Flags
- Unexpected sharing – Document shared by unknown person
- URL inspection – Page hosted on malicious domain, not microsoft.com
- Request scope – Asks for a password on what should be SSO
- SSL certificate – Free certificate instead of EV certificate
Example 3: Delivery Notification Scam
Attack Pattern
An SMS claims a package delivery failed and asks for address confirmation and a small redelivery fee.
Red Flags
- Unknown package – Victim wasn't expecting delivery
- Payment request – Legitimate couriers don't request fees via SMS
- Shortened URL – Link obscured through URL shortener
- Payment method – Requests credit card for small amount
Example 4: CEO Fraud / BEC
Attack Pattern
The email impersonates the CEO and asks a finance employee to wire funds urgently.
Red Flags
- Reply-to mismatch – Display shows CEO name but reply goes elsewhere
- Unusual request – Bypasses normal approval processes
- Secrecy request – Asked not to discuss with others
- Pressure – Claims time-sensitive deal or emergency
How to Spot Phishing
- Always verify sender email addresses
- Hover over links before clicking
- Check URL in address bar, not just page appearance
- Question urgent or unusual requests
- When in doubt, contact the organization directly through known channels