Creating the right templates for an internal phishing simulation can seem like a daunting task.
Which templates are my end-users likely to encounter in real life? How can we build these templates? Are we overlooking any common scams? These questions leave admins in a state of analysis paralysis and hinder the launch of a simulation.
At usecure, our team hates complexity.
That's why we've put together our own list of the 10 best phishing templates to send to your employees, and we've also created them for you to test — for free.
These email templates have some of the highest compromise rates we've seen within our customers' phishing simulation reports, as well as some of the most common techniques used by real-world attackers. Let's dig in...
Top 10 phishing email template ideas
Suspicious activity on your account
Why employees take the bait
- Urgency, fear, confusion — This attack preys on the fear of an unknown person accessing your account and rummaging through your sensitive data, which is enough to make many people jump into action and take the bait before thinking. The cherry on top of this scam is the phishing warning at the bottom of the email, a sly technique that can instil a sense of trust in the target.
Holiday policy change
Why employees take the bait
- Curiosity, anxiety — Holiday allowances and sick pay are two key considerations for staff when signing an employment contract, so any changes to these policies will raise a few eyebrows. This phishing template sparks intrigue by referring to the policy updates without giving too much away, making the recipient more likely to click the call-to-action to find out what's changed.
Free legacy IT equipment
Why employees take the bait
- Excitement, hope, urgency — Who would pass up the opportunity to claim a free laptop or tablet? Especially when your trusted employer is offering it. Sure, it's unlikely a company would just give away bundles of tech, but it's not unthinkable for a company to repurpose old IT gear by giving it to hardworking staff. That combination of excitement and hope is a recipe for falling victim to a 'freebie' phishing attack.
COVID-19 scam
Why employees take the bait
- Fear, urgency, trust — Phishing attacks soared by 220% during the height of COVID-19, with cybercriminals impersonating the likes of the WHO, CDC and government bodies. These attacks do a great job of exploiting people's heightened fear and willingness to follow official guidance, making them a dangerous lure during a pandemic.
Random meeting invite
Why employees take the bait
- Trust, curiosity — The shift to remote working has resulted in a wave of virtual meeting invites dropping into our inboxes. For busy staff, it's easy to go into autopilot and click on yet another Zoom invite without thinking. This phishing email also uses curiosity by not including the host's name or the agenda, encouraging the recipient to review the details by clicking the link.
Social media activity
Why employees take the bait
- Curiosity, excitement — Unless you're an active poster or applying for jobs, it can be a surprise to see a bunch of people viewing your LinkedIn profile. This unexpected surge can be enough to pique the recipient's interest and have them click the "see who's looking" link before thinking.
Your account is due to expire
Why employees take the bait
- Urgency, fear, anxiety — Amazon is one of the most trusted brands in the world. Trust, however, can be a highly effective phishing tactic, especially when the email looks like the real deal. This Amazon scam uses fear and urgency to nudge the recipient into acting now. Minimal context is given as to why the payment details are due to expire, encouraging the victim to find out by clicking the malicious link.
Unknown purchase
Why employees take the bait
- Confusion, anxiety, curiosity — This phishing email can leave the target scratching their head about why they've received a random e-receipt for something they don't remember purchasing. The template adds extra layers of legitimacy by listing what's been bought, as well as a 'helpful' link to learn more and cancel the payment.
Missed parcel delivery
Why employees take the bait
- Curiosity, confusion, anxiety — The missed parcel phishing email is a favourite for cyber criminals during busy shopping periods such as Christmas or Black Friday. This attack can trick the target in two ways. Firstly, the target might actually be waiting for a parcel, which makes this email seem even more legitimate and enticing. If no order has been placed, then the recipient might feel encouraged to log in and see what's supposedly been ordered.
Your payment has failed
Why employees take the bait
- Confusion, anxiety — Scammers often abuse the name of popular business software like Xerox. Chances are, at least some of the targets that the criminal sets their sights on will use the product and wouldn't be surprised to receive an email from the vendor. This unpaid invoice phishing email exploits a trusted brand and evokes a sense of confusion and fear within the target.
Would your staff fall victim? Let's find out
Discover which employees are susceptible to these types of common scams by running a free phishing simulation. Grab a usecure free trial account in minutes to:
- Explore hundreds of ready-made phishing templates
- Launch your simulation in a flash with quick tutorials
- Access real-time and in-depth phishing results
- Get started with no installations or card details needed