Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

10 phishing email examples for training: Free templates for your organisation

Employees are the weakest link to an organisation’s cybersecurity. With email phishing being rampant nowadays, here are phishing email examples for training your employees.

10 phishing email examples for training: Free templates for your organisation

As the weakest link to an organisation’s cybersecurity, every organisation should ensure that its employees are properly trained and made aware of various forms of phishing scams that could bait them into giving their access to the organisation.

Since phishing scams are rampant and come in various forms, having the employees be knowledgeable to know the difference between a legitimate transaction from a spoofed one goes a long way toward the organisation safety and security.

The following are the 10 templates that organisations could use to train their employees so that when bad actors are targeting them, they will never fall for it as they already have exposure to their tactics.

Also Read: Trackers are following Singaporeans online: They are the 2nd highest number per site!

10 phishing email examples

1. Suspicious activity on your account

This attack plays on the fear that someone you don’t know will get into your account and look through your sensitive information. This is enough to make many people act without thinking and take the bait. The phishing warning at the bottom of the email is the cherry on top of this scam. This is a sneaky way to make the target feel like they can trust the email.

2. Changes to the holiday policy

Changes to the holiday policy This phishing template piques the recipient’s interest by mentioning policy updates without giving away too much. This makes them more likely to click the call-to-action link to find out what’s changed.

3. Free legacy IT equipment

Who wouldn’t take the chance to get a laptop or tablet for free? Even more so when your trusted employer offers it to you. Even though it’s unlikely that a company would just give away a bunch of tech, it’s not unheard of for a company to give hardworking employees their old IT gear.

When you are excited and hopeful at the same time, you are more likely to fall for a “freebie” phishing attack.

4. COVID-19 scam

During the height of COVID-19, phishing attacks went up by 220%, with cybercriminals pretending to be the WHO, CDC, and government agencies.

During a pandemic, these attacks do a good job of taking advantage of people’s fear and willingness to follow official instructions. This makes them a dangerous trap.

5. Unsolicited invitation to a meeting

Since more people are working from home, we’ve been getting a lot of invites to virtual meetings. When people are busy, it’s easy to just click on another Zoom invite without thinking.

This phishing email also uses curiosity by leaving out the name of the host and the agenda, which makes the recipient want to click the link to find out more.

6. Higher profile views than usual

If you rarely post or apply for jobs, it can be surprising to find out that a lot of people are looking at your LinkedIn profile.

This sudden increase can be enough to make the recipient curious enough to click the “See who’s looking” link without thinking.

7. Your account is due to expire

Microsoft is one of the brands that people around the world trust the most. But trust can be a very effective phishing technique, especially when the email looks like the real thing. This Microsoft scam uses fear and time pressure to get the person to act right away.

Little information is given about why the payment information is about to expire, which makes the victim more likely to click the malicious link to find out.

8. Unknown purchase invoice

The person who gets this phishing email might be confused as to why they got an e-receipt for something they don’t remember buying. The template makes it look more real by showing what was bought and giving a “helpful” link to learn more and stop the payment.

phishing email examples for training

9. Missed parcel delivery

Cybercriminals like to use the “missed package” phishing email during busy shopping times like Christmas and Black Friday. This attack has two ways to trick the target. First of all, the person might be expecting a package, which makes this email seem even more real and tempting. If no order has been made, the person who got the email might be tempted to sign in and see what’s been ordered.

phishing email examples for training

10. Your payment didn’t go through.

Scammers often use the name of well-known business software, such as Xerox, to trick people. There’s a good chance that at least some of the people the criminal is after using the product and wouldn’t be surprised to get an email from the vendor. This phishing email about an unpaid bill uses a trusted brand and makes the target feel confused and scared.


Email phishing should be taken lightly by organisations as a successful one could mean a financial penalty from the PDPC for breaching the protection obligation. This could also mean a financial disaster for the employees themselves as the bad actor could impersonate their superiors or officers and ask them for their bank details. 

This is why it is of great importance that employees, as the weakest link to the organisation’s cybersecurity, be familiar with the different forms of phishing emails so that they can identify one when they are being targeted by bad actors.

This is also where a Data Protection Officer (DPO) can help, as it is the officer responsible for the general posture of an organisation’s cybersecurity. With a DPO, organisations can ensure that policies will be set in place and employees will be well aware of the danger of email phishing.

Also Read: Breach of PDPA Singapore: 5 Things Your Organisation Should Know



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us