Havoc Shield Blog

Phishing Simulation - 113 Email Examples To Identify Phishing Attacks

Written by Brian Fritton | Nov 16, 2020 6:00:00 AM

If you follow this blog regularly, you know that it is no secret that we spend a lot of time writing about how to identify and protect against phishing attacks.  A big part of staying safe from phishing attacks is to take a serious approach to running phishing simulations that give your team a very practical opportunity to test their skills at identifying safe versus unsafe emails.

But, what makes a great phishing simulation email?  Below we'll share the key factors that make phishing simulation emails effective, and our favorite 113 phishing simulation emails that we use with our clients.

3 Crucial Factors for Phishing Simulation Emails

A phishing simulation email that becomes a terrific learning experience for your team needs the following to be successful:

  1. Sender Relevance: the most effective phishing campaigns (and simulations) that we've seen, are ones that claim to be from vendors/partners/people that your team expects to hear from.  Does your team use Google Suite?  A phishing simulation claiming to be from Google Suite will have a higher "Sender Relevance" to your team, than an account alert email out-of-the-blue from Microsoft Office 365 if that is not a product your team uses.
  2. Contextually Relevant Call-to-Action: the call-to-action needs to be an action that your team would plausibly be asked to do, by the highly relevant sender.  If your team uses Avis rental cars when they travel, a well-timed survey from Avis is plausible.  So, a phishing simulation that asks team members to click through to sign into their Avis account to fill out a survey, would meet the "contextually relevant" bar.
  3. Interplay with Training:  how do you like the idea of running a phishing simulation, with no training before, after, or during?  We don't like the idea at all.  The best phishing simulations have a strong tie-in with training.  How?  We advise most of our clients to run an online / on-demand security awareness training initiative shortly before or after the phishing simulation (opinions and situations differ), and to have a landing page for users who "fall for" (click on) the phishing simulation.  Not one that makes the user feel bad -- one that educates on what about the email should have seemed suspicious enough to hold off on clicking.

With that context now set, let's look at some real phishing simulation email topics that we use with our clients at Havoc Shield.

113 of Our Favorites

Here are our favorites.  This isn't a complete list of phishing simulation emails that we use with our clients, but it's a representative sample that should give you a flavor for the types of emails that we believe to be effective.

  1. Active Directory Password Reset
  2. Adobe Password Reset
  3. ADP Password Reset
  4. AGL Energy Electricity Disconnect Notice
  5. Alaska Airlines Password Expired
  6. Alitalia Free Ticket
  7. ANZ Customer Service Confirmation Request
  8. Apple Confirm Account
  9. Apple YouTube Red Confirmation
  10. AT&T Order Confirmation
  11. Atlassian Account Locked
  12. Australia Post Ground Post Delivery Exception
  13. Avis Free Rental
  14. Avis Survey
  15. Banana Republic Gift Card
  16. Bank of America Strange Purchase Activity
  17. Bank of England Account Reset
  18. Bank of Ireland New Authentication Process
  19. Best Buy Reset
  20. Bigpond/Telstra Service Suspension
  21. BoA Wire Transfer
  22. Carfax Report
  23. CDC Health Alert
  24. CenturyLink Account Locked
  25. Chase Payment Past Due
  26. Chase Secure Message
  27. Cigna New Benefits
  28. Cisco Webex Verify Account
  29. Citi Card Payment
  30. Coinbase New Deposit
  31. Commonwealth Bank Account Locked
  32. Commonwealth Bank Verify Disabled Account
  33. (removed)
  34. Craigslist Password Reset
  35. Credit Karma Reset
  36. DocuSign COVID Forms
  37. Dominos Gift Card
  38. DoneDeal Password Reset
  39. DropBox Password Reset
  40. e-SignPackage: Closing Documents
  41. eBay Credit
  42. Energia Past Due Bill
  43. Event Tickets Download
  44. Evernote Offer
  45. Experian Credit Update
  46. Experian Free Credit Monitoring
  47. Facebook Account Locked
  48. Geico Payment Alert
  49. GitHub Account Compromised
  50. Gmail Password Change
  51. GoDaddy Account Past Due
  52. GoFundMe Campaign
  53. Google Security Alert
  54. Google Security Issue
  55. Google Suite Offer
  56. Holiday Inn Express Survey
  57. Kohls Gift Card
  58. LinkedIn Invitation
  59. LogMeIn Failed Login Attempt
  60. LogMeIn Update phish
  61. Lyft Free Credit
  62. Macys Account Locked
  63. Marriott Account Compromised
  64. Marriott Hotels Free Stay
  65. Microsoft Account Compromised
  66. Microsoft Office 365 Mailbox Shutdown
  67. Microsoft Office 365 Password Expired
  68. Microsoft Teams Added Notification
  69. Mint Credit Score Dropped
  70. Mint Purchase Alert
  71. Namecheap Free Domain
  72. Netflix Account On Hold
  73. Netflix Account Reset
  74. New Company Policy: Communicable Disease Management Policy
  75. Newegg Free Gift Card
  76. Norwegian Air Free Flight
  77. OKCupid Matches
  78. OneDrive Shared Document: Bonus payments and other reimbursements
  79. OneDrive Shared Document: New Project response
  80. Paypal Payment Received
  81. Paypal Unusual Log In Activity
  82. Pinterest Fresh Pins
  83. Salesforce Account Locked
  84. Service Desk Quarantined Mail
  85. Skype new voicemail
  86. Spotify Password Reset
  87. Strava Account Locked
  88. SunTrust online banking unusual activity
  89. Telstra Bill Arrival Notification
  90. Telstra Refund Notification
  91. Tesco Account Compromised
  92. (removed)
  93. (removed)
  94. Twitter New Follower
  95. Uber Free Credit
  96. UPS Account Locked
  97. UPS Delivery Notice
  98. UPS In Transit Notification
  99. Venmo Payment
  100. Verizon Account Verification
  101. Vueling Flight Cancelled
  102. Walmart Free Credit
  103. Webex Invitation
  104. Wells Fargo Insufficient Funds
  105. Wells Fargo Security Alert
  106. WHO Consumer Stimulus Package
  107. WHO Solidarity Response
  108. WHO Virus Awareness Safety Measures
  109. WHO WFH Grant
  110. YouTube Account Locked
  111. Zillow Alert
  112. Zoom Account Suspension
  113. Zoom Missed Meeting

Want us to run a phishing simulation for your team, as part of our broader security awareness training offering?  We're standing by to help.