
Real Phishing Examples: We Broke Down 5 Actual Scam Emails

Reading about phishing theory is one thing. Seeing it is another. Here are five real types of phishing messages (four emails and one SMS) that have targeted Australians, with a full breakdown of every red flag. Once you see these patterns, you'll spot them in seconds.

Note: We've described the patterns without reproducing actual criminal content. These represent widely reported phishing types documented by the Australian Competition and Consumer Commission (ACCC) and the Australian Cyber Security Centre (ACSC).


Example 1: The Fake NAB Security Alert

What it looks like: Subject: "Urgent: Suspicious Activity on Your Account" From: display name "NAB Security" but actual address: `security@nab-alerts-secure.net`

Body: Claims suspicious login activity has been detected. Provides an urgent link to "verify your account" to prevent suspension.

The red flags:

  • The domain is `nab-alerts-secure.net`, not `nab.com.au`. The display name is free text the sender sets, so judge the address after the @, never the name in front of it
  • Genuine bank security alerts tell you to log in through the app or by typing the bank's address yourself, not by clicking a link in the email
  • Generic urgency, no account-specific details
  • Threat of account suspension


Example 2: The Australia Post Parcel SMS

What it looks like: SMS from random number: "AusPost: Your parcel is on hold. Pay $2.99 redelivery fee at: [suspicious URL]"

The red flags:

  • Australia Post doesn't ask you to pay redelivery fees via an SMS link
  • The URL is not on `auspost.com.au`. Check the part immediately before the first single slash; the word "auspost" appearing somewhere in the address proves nothing
  • Sent from a random mobile number
  • No tracking number provided


Example 3: The Microsoft 365 Credential Harvest

What it looks like: Email appearing to come from "Microsoft Account Team": "Your subscription has expired. Click here to update your payment details."

Link goes to a convincing but fake Microsoft login page.

The red flags:

  • Hover over the link (or long-press it on a phone) to see where it really goes: a non-microsoft.com domain
  • Check subscription and billing status in the Microsoft 365 admin centre or your Microsoft account page, reached by typing the address yourself, rather than through the email's link
  • No specific account name or organisation mentioned
  • The fake login page URL often has subtle misspellings or extra words, such as a digit in place of a letter or a hyphenated "secure" bolted on


Example 4: The Fake Invoice from "Supplier"

What it looks like: An invoice that looks nearly identical to a real supplier's invoice, with the same logo and layout, but the sender email is `accounts@blueskycleaners.com.au` instead of `accounts@blue-sky-cleaning.com.au` and the bank details have changed.

The red flags:

  • Domain name subtly different from your known supplier
  • Bank details change with no prior communication
  • No corresponding purchase order
  • The email doesn't come from a thread with prior history

The check: before paying to new bank details, phone the supplier on a number you already hold (from a previous invoice or their website, not from the email) and confirm the change with them.


Example 5: The IT Help Desk Impersonation

What it looks like: An email that appears to come from your IT department or helpdesk: "We're conducting a mandatory password update. Please click here to reset your password within 24 hours."

The red flags:

  • Your IT team would have you change your password through the system you already log in to, not an emailed link
  • The link goes to a fake login page on a domain that isn't your organisation's
  • Urgency: "within 24 hours"
  • Generic content, not specific to your company's systems


The common thread:

Every one of these examples uses:

  1. A plausible sender
  2. Urgency
  3. A link or attachment
  4. A request for credentials, money, or personal information

Once you see the pattern, you see it everywhere.
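The domain red flags in Examples 1 to 4 can be turned into a check you can run over a message. The following is an added example written for this article, not Phishbate's own code: the brand-to-domain table, the four sample messages and the supplier domains are constructed for illustration (the scam domains use the reserved `.example` suffix so nothing points at a real site), and the registered-domain extraction is a crude stand-in for the Public Suffix List. It goes a little beyond the examples above: it also sees through the hostname trick where the real brand's name is placed in front of the attacker's domain (`nab.com.au.account-verify.example`), and it flags near-miss supplier domains such as `blueskycleaners.com.au` against `blue-sky-cleaning.com.au` by edit distance after stripping hyphens and digit-for-letter swaps. The two checks are complementary: `nab-alerts-secure.net` is nothing like `nab.com.au` and is caught by the brand table, while `micros0ft.example` is caught by the near-miss check.

```python
"""Heuristic red-flag checks for the phishing patterns described above.

Constructed example, not Phishbate's code. The brand table, sample messages
and supplier domains are made up; scam domains use the reserved .example TLD.
"""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains each brand legitimately sends from. Check the
# organisation's own published list before relying on a table like this.
KNOWN_BRAND_DOMAINS = {
    "nab": {"nab.com.au"},
    "auspost": {"auspost.com.au"},
    "microsoft": {"microsoft.com", "microsoftonline.com"},
}
URGENCY = ("urgent", "suspended", "within 24 hours", "expired", "on hold")
ASKS = r"verify your account|update your payment|reset your password|redelivery fee"
AU_SUFFIXES = {"com.au", "net.au", "org.au", "gov.au", "edu.au"}


def registered_domain(host):
    """Registered domain of a hostname: the last two labels, or three under an
    Australian second-level suffix. A crude stand-in for the Public Suffix List,
    but enough to see through 'nab.com.au.account-verify.example'."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in AU_SUFFIXES else 2
    return ".".join(labels[-n:])


def claimed_brand(text):
    """Brand the text claims to be from, matched on whole words only."""
    for brand in KNOWN_BRAND_DOMAINS:
        if re.search(r"\b" + re.escape(brand) + r"\b", text, re.IGNORECASE):
            return brand
    return None


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss supplier domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def near_miss(domain, known, max_distance=3):
    """True when `domain` is a lookalike of `known`: a different registered
    domain whose brand label is within a few edits once hyphens and the usual
    digit-for-letter swaps (0 for o, 1 for l) are normalised away."""
    def brand_label(d):
        label = registered_domain(d).split(".")[0]
        return label.replace("-", "").replace("0", "o").replace("1", "l")
    if registered_domain(domain) == registered_domain(known):
        return False
    return edit_distance(brand_label(domain), brand_label(known)) <= max_distance


def check_message(from_header, body):
    """Return the red flags found in one message (empty list means none found)."""
    display, addr = parseaddr(from_header)
    brand = claimed_brand(display) or claimed_brand(body)
    flags = []
    # Red flag: the display name claims a brand the sending domain does not belong to.
    if brand and "@" in addr:
        sender = registered_domain(addr.rsplit("@", 1)[1])
        if sender not in KNOWN_BRAND_DOMAINS[brand]:
            flags.append(f"sender domain {sender} is not a known {brand} domain")
    # Red flag: a link whose registered domain is not the claimed brand's.
    for url in re.findall(r"""https?://[^\s<>"']+""", body):
        link = registered_domain(urlparse(url).hostname or "")
        if brand and link not in KNOWN_BRAND_DOMAINS[brand]:
            flags.append(f"link points at {link}, which is not {brand}")
    # Red flags: urgency language, and a request for credentials or payment.
    found = [w for w in URGENCY if w in body.lower()]
    if found:
        flags.append("urgency: " + ", ".join(found))
    if re.search(ASKS, body, re.IGNORECASE):
        flags.append("asks for credentials or payment")
    return flags


# Constructed samples modelled on Examples 1 to 3, plus one genuine-looking message.
SAMPLES = {
    "nab_alert": ('"NAB Security" <security@nab-alerts-secure.net>',
                  "Urgent: suspicious activity detected. Verify your account at "
                  "https://nab.com.au.account-verify.example/login or it will be suspended."),
    "auspost_sms": ("unknown mobile number",
                    "AusPost: Your parcel is on hold. Pay $2.99 redelivery fee at: "
                    "https://auspost.com.au.parcel-hold.example/pay"),
    "m365": ('"Microsoft Account Team" <billing@microsoft-renewals.example>',
             "Your subscription has expired. Update your payment details at "
             "https://login.micros0ft.example/"),
    "genuine": ('"NAB" <noreply@nab.com.au>',
                "Your statement is ready. Log in at https://www.nab.com.au to view it."),
}

if __name__ == "__main__":
    for name, (sender, body) in SAMPLES.items():
        print(name, check_message(sender, body) or ["no red flags"])
    # Example 4: the supplier lookalike is caught by the near-miss check instead.
    print("supplier lookalike:", near_miss("blueskycleaners.com.au", "blue-sky-cleaning.com.au"))
```

Run it as a script and each sample prints its list of flags; the genuine message prints none. The keyword lists are deliberately small, so a real mail filter would pair this with authentication results (SPF, DKIM, DMARC) rather than rely on wording alone; the part worth keeping is the habit of reducing every address and link to its registered domain before deciding whether it belongs to the brand it claims.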

Practise with real-looking examples:

Phishbate puts you face-to-face with realistic phishing scenarios and tests your ability to spot the red flags. The learning sticks because it's hands-on.

Try the Phishbate phishing quiz — free →
