Security guide · 2026
15 Phishing Email Examples — And How to Spot Them
Phishing emails look more convincing than ever in 2026. AI-generated copy, accurate brand logos, and personalized subject lines make them nearly indistinguishable from real emails. Here is how the scams actually work — and what to look for.
The FBI's IC3 reported $12.5 billion in losses from phishing and related scams in 2023 — a record high. The reason phishing works so well is not that people are careless. It is that modern phishing emails are engineered specifically to bypass the heuristics humans use to detect fraud.
This page covers 6 of the most common phishing categories, shows what they look like in practice, and explains the psychological and technical techniques behind each one.
6 phishing categories — with real-world examples
🏦
Banking & Financial Phishing
Threat level: critical
From: security@wellsfargo-alerts.com
Subject: Urgent: Your account has been temporarily suspended — verify now
You receive an email claiming to be from Wells Fargo, Bank of America, Chase, or Nordea. The email says your account has been suspended due to suspicious activity and you must verify your identity within 24 hours or lose access. The email includes the real bank logo, color scheme, and formatting. The link goes to a convincing-looking login page on a different domain.
Red flags in this example
✗ Domain is wellsfargo-alerts.com, not wellsfargo.com
✗ 24-hour deadline creates false urgency
✗ Real banks never suspend accounts via email with no prior contact
✗ Hover over the link — the URL does not match the bank's real domain
Why it works
Fear of losing account access overrides careful URL inspection. Most people recognize the bank logo and stop looking.
📦
Package Delivery Scam
Threat level: high
From: delivery-notice@fedex-tracking.net
Subject: Your FedEx package is on hold — customs fee required
An email arrives claiming your package is held at customs and requires a small fee ($2-5) to be released. It impersonates FedEx, DHL, USPS, or PostNord. The "fee" is paid on a fake website that steals your credit card details. This scam surged 400% in 2024-2026 due to the explosion in international e-commerce.
Red flags in this example
✗ Real carriers never charge release fees via email
✗ No tracking number matches any real shipment
✗ The fee amount is suspiciously small — designed to seem worth paying without thinking
✗ Domain is fedex-tracking.net, not fedex.com
Why it works
If you are expecting a package, the timing creates immediate plausibility. The small fee reduces resistance.
From: security-alert@microsoft-support.org
Subject: URGENT: Suspicious activity detected on your Microsoft account
An email claims your Microsoft, Google, or Apple account has been compromised. It includes a fake security alert number and a phone number to call immediately. When you call, a "technician" remotely accesses your computer to "fix" the issue, and in reality installs malware or demands payment for fake repairs. Volume rose significantly in 2025-2026, targeting older users.
Red flags in this example
✗ Legitimate security vendors never ask you to call via email
✗ Microsoft security alerts link to microsoft.com, not third-party domains
✗ Phone number leads to a call center, not a real company
✗ Pressure to act immediately before thinking
Why it works
Microsoft brand authority is extremely high. "Your account was compromised" triggers immediate action without verification.
💼
Business Email Compromise (BEC)
Threat level: critical
From: ceo.johnson@companydomain-secure.com
Subject: Wire transfer needed today — confidential
An email appears to come from your CEO, CFO, or a senior executive. It requests an urgent wire transfer, often to a new vendor, and asks you to keep it confidential. The FBI reports BEC costs businesses over $3 billion per year — it is the single most expensive cybercrime. The attacker has studied your company org chart and mimics the executive's communication style.
Red flags in this example
✗ Request to wire money urgently and confidentially
✗ Reply-To address differs from the From address
✗ Domain is companydomain-secure.com, not the real company domain
✗ Request to bypass normal approval processes
Why it works
Authority of the CEO, combined with confidentiality ("don't tell anyone") removes peer verification. Urgency prevents procedural review.
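Two of the BEC red flags above, the lookalike sender domain and the Reply-To mismatch, can be read straight from the message headers. The following is an added example, not part of the original page or of any product it describes. The sample message, the Reply-To address, the assumption that companydomain.com is the real company domain, and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed message. The Reply-To address and the real company domain
# (companydomain.com) are assumptions made for this illustration.
SAMPLE = """\
From: "CEO Johnson" <ceo.johnson@companydomain-secure.com>
Reply-To: ceo.johnson.office@gmail.com
To: accounts@companydomain.com
Subject: Wire transfer needed today - confidential

Please handle this today and keep it confidential.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_trusted(domain, trusted):
    """True if domain is a trusted domain or a subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def header_flags(raw, trusted):
    """Return the header red flags found in one raw message."""
    msg = message_from_string(raw)
    sender = domain_of(msg["From"])
    reply = domain_of(msg["Reply-To"])
    flags = []
    if not is_trusted(sender, trusted):
        # A trusted name embedded in another registered domain is a lookalike.
        names = [t.split(".")[0] for t in trusted]
        kind = "lookalike" if any(n in sender for n in names) else "external"
        flags.append(kind + "-sender-domain")
    if reply and reply != sender:
        flags.append("reply-to-differs-from-from")
    return flags

if __name__ == "__main__":
    print(header_flags(SAMPLE, ["companydomain.com"]))
```

These checks read headers the sender controls, so they complement rather than replace SPF, DKIM and DMARC verdicts.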
💌
Romance & Military Deployment Scam
Threat level: high
From: colonel.james.anderson1967@gmail.com
Subject: I need your help — stuck in deployment
A stranger builds an online relationship over weeks or months, claiming to be a US military officer on overseas deployment, a wealthy widow, or a professional working abroad. After establishing emotional trust, they request money for an emergency (medical bills, military leave, travel home). The FTC reported Americans lost $1.3 billion to romance scams in 2023.
Red flags in this example
✗ Never met in person despite weeks of daily communication
✗ Refuses video calls or calls drop immediately
✗ Military deployment is used to explain inability to meet
✗ Financial requests follow emotional investment
Why it works
Emotional investment is built deliberately over time. By the time money is requested, the relationship feels real. Cognitive dissonance makes victims defend the scammer.
🎰
Prize & Lottery Scam
Threat level: medium
From: rewards@amazon-customer-loyalty.com
Subject: Congratulations! You have been selected for a $500 gift card
An email congratulates you on winning a prize — a gift card, cash, or vacation — from a survey, lottery, or loyalty program. To claim the prize, you must pay a small "processing fee" or provide credit card details for "shipping." The prize does not exist. Variants include fake Amazon or Walmart loyalty rewards, fake international lotteries, and fake sweepstakes.
Red flags in this example
✗ You did not enter any contest or lottery
✗ Requires payment to receive your "winnings"
✗ Domain is amazon-customer-loyalty.com, not amazon.com
✗ Prize amount is oddly specific ($498.50, not $500)
Why it works
Hope and excitement override skepticism. The small payment to "unlock" a large reward feels like a reasonable exchange.
8 red flags to look for in any email
These signals appear across all phishing categories. Train yourself to check for them before clicking any link or providing any information.
1. Mismatched sender domain
The email claims to be from PayPal but the From address is paypal-security.net or paypal-support.com. Real company emails come from @company.com — no hyphens, no extra words.
2. Urgency and artificial deadlines
"Your account will be suspended in 24 hours." "Respond immediately or your package will be returned." Legitimate companies give you reasonable time and multiple contact options.
3. Generic greeting
"Dear Customer," "Dear User," "Dear Account Holder." Your bank knows your name. If they cannot use it, it is not really your bank.
4. Hover URL mismatch
The link text says "Click here to verify your account" but hovering shows a different URL. In Gmail, hover over any link to see the actual destination before clicking.
5. Request for credentials or payment
No legitimate service will ask for your password via email. No government agency requests payment via gift card, wire transfer, or cryptocurrency.
6. Confidentiality request
"Do not tell anyone about this offer" or "Keep this between us" is a social engineering technique to prevent you from getting a second opinion.
7. Unsolicited attachments
An invoice you did not request, a shipping notice with a Word document, a legal notice as a PDF. Legitimate companies do not send unsolicited attachments.
8. Requests forwarding of verification codes
"Please forward the verification code we just sent you." Legitimate services never ask for codes via email — such requests are a real-time 2FA bypass attempt.
What Gorganizer detects in your Gmail inbox
Gorganizer uses a 1,751+ signal scoring engine — built across six modules analyzing email headers, sender reputation, subject patterns, body content, attachments, and structural signals — to identify phishing, scam, and fraud emails in Gmail.
The engine detects all six categories shown on this page, plus 32 additional scam types including sextortion, crypto fraud, fake invoice callbacks, and QR code phishing. One scan. One click to move everything to Trash with 30-day recovery.
Frequently asked questions
What is a phishing email?
A phishing email is a fraudulent message designed to trick you into revealing sensitive information — passwords, credit card numbers, Social Security numbers — or downloading malware. Phishing emails impersonate trusted brands or individuals and use urgency, fear, or rewards to override critical thinking.
How can you tell if an email is phishing?
Key red flags: the sender domain does not match the real company (paypal-security.com instead of paypal.com), the email creates urgency or threatens consequences, links point to different domains than the text suggests, the greeting is generic, and there are grammar errors or unusual formatting.
What happens if you click a phishing email link?
Clicking a phishing link may take you to a fake login page to steal your credentials, download malware, or execute browser exploits. If you clicked, immediately change the password for any affected account, enable two-factor authentication, and run a malware scan.
Can Gorganizer detect phishing emails in Gmail?
Yes. Gorganizer uses 1,751+ detection signals across six scoring modules to identify phishing, scam, and fraud emails in Gmail. The engine detects 551+ scam types including account phishing, BEC, package delivery scams, and tech support fraud.