10 Common phishing emails to watch out for

September 02, 2020

Previously, we talked about phishing and its four common types: spear phishing, whaling, clone/deceptive phishing, and CEO fraud. In this blog, we’ll tackle 10 phishing emails that cybercriminals commonly use to trick users. While SMS, voice calls, and websites can also be used for phishing, we’ll focus on email since 96% of phishing attacks arrive by email.

Did you know that?

1. Government pretense

This type of phishing email appears to come from a federal, state, or local government body, such as the Federal Bureau of Investigation and National Security Agency. The messages used greatly vary depending on the function of the agency. Some examples include:

  • “Your request for a loan has been denied due to incomplete information. Click here to provide your information.”
  • “We detected that you illegally downloaded files, therefore we will revoke your internet access unless you enter the requested information in the form below.”
  • “You are eligible to receive a tax refund. Click on the link below to submit your tax refund request.”
  • “We created a website for citizens to verify their personal information. Please use the following link.”

2. Scare tactic

As its name denotes, this email paints frightening scenarios that impel you to act without thinking twice. A common example is the email claiming that someone posted a sexually explicit image of you. In order for you to delete it, you need to submit a request through the provided link.

3. Compromised credit card

The email sender usually knows that you’ve recently purchased something, so they inform you that there was a problem with the credit card (e.g., expired card, incorrect billing address, etc.,) that you’ve provided. They will then ask you to click on the provided link that takes you to a spoofed website where you’ll be asked to input your credit card information.

4. Account expiration or deactivation

This email informs you that your account is about to expire or will be deactivated due to a data breach incident or “unusual login activity.” You will then be instructed to click on the provided link (that will lead you to a spoofed website) or download the email attachment to avoid losing your account.

5. Contest winner

In this phishing scam, you’re told that you’ve won something and to claim your prize, you need to click on the provided link to submit your shipping details.

6. Bank withdrawal alert

A bogus email from your bank notifies you that a certain amount has been withdrawn from your account. Should you have any questions about the transaction, you are asked to click on the provided link that will lead you to a fake web form asking for your banking details for “verification purposes.”

7. Angry customer

The email sender pretends to be a customer who wants their money back, or else they will report you to the relevant authorities.

8. Routine checkup

In this phishing attempt, a scammer poses to be from a company you transact with. That scammer tells you that they are conducting a routine security procedure. With this, you are requested to verify your account or update your records using the provided link.

9. Urgent boss requirement

Your “company’s CEO or top executive” sends you an email requesting a fund transfer to a foreign partner. In the email, the sender asks you to wire the money immediately so they can secure the new partnership.

10. Company tech support request

An email pretending to be from the company’s IT department asks you to install new corporate software, which is actually malware.

While some of these phishing scams may seem blatantly obvious, you never know when you or your employees may fall victim to one. Protect your company from even the most sophisticated social engineering emails with the powerful TrustGraph® AI of Graphus. Ask for a demo.

Stay safe from even the most sophisticated cyberattacks and social engineering scams


Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.

Get a Demo of Graphus