Suggested IT Security Resources

Examples of phishing messages 

The following phishing examples are intended to try and give a sense of how criminals are trying to gather your personal details. The ways in which they try to this this change constantly, so continual awareness of the threat they pose may be your best last line of defence.

For more information on protecting yourself and your data, check out our top tips here

WARNING: These are real examples of phishing emails. Do not attempt to visit the links shown in the screenshots below:

Example 1 - Email with drive-by phish

The purpose of this type of email is to get you to click on a web link, and give away some of your personal information. Some of the things to watch are for are noted below:


1. By using the word "URGENT" in the subject line, the sender is hoping to provoke an immediate response by the recipient without considering the risks involved.
2. The use of a phrase like "valued customer" is a giveaway, as you would expect a large company to know your name. However, more elaborate phishing emails will have your details if these are publically available.
3. Some of the wording used reads a little strange, though correct grammar is no guarantee of legitimacy.
4. The link suggests it will bring you to Vodafone. However, hovering your mouse over the link will show the real destination "tuckytucky" which is unlikely to have any connection with Vodafone.

Example 2 - Email with phishing attachment

In the example shown below, an email has arrived from a recognised sender with an attached document. However, the wording is very vague, and not what you would usually expect from that sender. In this case, the email account of the other person was compromised, and was used to send malicious emails to contacts in their address book.

If an email such as this doesn’t look right, ring the sender for confirmation that it is real. Otherwise, delete it.

Example 3 - Text message with drive-by phish

Compromised messages don’t just come via email. Be very careful if you get an unsolicited text on your phone with a web link, and a vague message offering something like a photo or other file. It could be attempt to extract your username and password for malicious purposes.