Phishing stories

Would you fall for any of these real-life phishing emails that people opened and clicked?

2/4/20252 min read

Phishing Definition

Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted. - Wikipedia

Phishing stories

The following phishing stories are taken directly from social media posts by computer professionals. Some describe phishing test emails that people fell for. Others are real phishing emails that caught people.

  • We had just changed payroll companies from ADP to something else. So they sent a Phish that looked like it was coming from ADP stating that we needed to login through the link to verify our account closures or something like that. Made perfect sense at the time and nearly everyone fell for it.

  • I received a well crafted email about how a customer didn’t recognise a transaction from my company on their credit card statement, and they were going to file a dispute with their bank etc (Super bad for us).... I didn’t fall for it, however i can see many other business owners easily falling for it.

  • I did one [test] that was a fake OneDrive email. I made it look like it came from a C-level whose last name was Martin, but I spelled it Martian. Got a bunch of people with that one. He’s a good sport, and I had his okay beforehand. He found it hilarious until so many people fell for it.

  • There was one [test] i made that had the highest click rate was a link for a lunch order from a misspelt company domain. Ive tried complex designs trying to leverage urgency and authority that i put a lot of effort into but the one that had the highest hit rate was basically “(made up name) is retiring, click here for free lunch”

  • We did a "holiday bonus" gift card [test email]. Got about 50% [of employees to click on it].

  • Highest click-rate test (and highest amount of people @$%?#! pissed) the team conducted was a "Work from home policy changing. Now 3 days in office! Click through to find out more!"

Cyber criminals are constantly devising new, compelling messages to cause you and those you work with to click on links in phishing emails and fake websites. So spread the word about phishing!

For electronic defenses against phishing and other threats, check out our affordable cybersecurity subscriptions: CrimeBlocker, Huntress Guard Dogs, and MultiShields Backup.

info@securemyfirm.com

Subscribe to receive our occasional, informative emails about cybersecurity, send us a message.

30-day return and 100% guarantee
Terms of service and license agreement
Privacy policy