Phishing Email Simulator
Practice identifying phishing emails in a safe environment. Can you tell which messages are legitimate and which are scams?
Practice Your Phishing Detection Skills
Recognizing phishing emails is an essential skill for staying safe online. This simulator lets you practice in a safe environment.
How This Simulator Works:
- Examine each email carefully
- Look for warning signs like suspicious sender addresses, urgent language, generic greetings, and requests for personal information
- Decide whether you think the email is real or fake
- Click "I Think It's Real" or "I Think It's Fake" to see the correct answer and explanation
- Use the "Try Again" button to reset and test your skills again
Why This Matters
Phishing emails are one of the most common ways scammers try to steal your personal information and money. Learn to spot these red flags:
- Suspicious sender addresses that mimic legitimate companies
- Urgent language designed to make you act without thinking
- Generic greetings instead of your actual name
- Poor grammar and spelling
- Requests for personal information
- Suspicious links and attachments
Email Examples
Can you identify which emails are legitimate and which are phishing attempts?
From: order-confirmation@amazon.com
To: johndoe@email.com
Subject: Your Amazon.com order #112-3456789-1234567
Hello John Doe,
Thank you for your order. We'll send a confirmation when your items ship.
Your Order #112-3456789-1234567
Placed on Monday, March 17, 2025
Wireless Headphones
$89.99 - Quantity: 1
Sold by: ElectronicsPlus
Arriving: Mar 20 - Mar 22
Subtotal: $89.99
Shipping & Handling: $0.00
Tax: $7.20
Order Total: $97.19
Your order will be sent to:
John Doe
123 Main Street
Anytown, CA 12345
For more information or to make changes to your order, visit
on Amazon.com.
Correct! This is a LEGITIMATE email from Amazon.
This is an authentic Amazon order confirmation email. Here's why it's legitimate:
- Correct sender address: The email comes from "order-confirmation@amazon.com" - an official Amazon domain
- Personalized: It includes the customer's name and specific order details
- No urgent action required: It's simply confirming an order, not asking you to click links to "verify" anything
- Professional writing: No grammatical errors or misspellings
- No suspicious requests: It doesn't ask for payment information or passwords
- Clear order information: Contains detailed, specific order information including your address
Even with legitimate emails, it's always safest to access your account by typing amazon.com into your browser directly, rather than clicking links in emails.
From: security-noreply@paypal-verification.com
To: johndoe@email.com
Subject: PayPal Account Security Alert - Immediate Action Required
Security Alert: Unauthorized Login Attempt
Dear Customer,
We have detected suspicious activity on your PayPal account. Multiple login attempts from unrecognized device located in Eastern Europe were detected on your account.
For your security, we have temporary limited your account access. To restore full account access and prevent unauthorized transactions, you need to verify your account information immediately.
If we do not verify your information within 24 hours, your account will be limited indefinitely until verification is complete.
If you did not attempt to access your account, we strongly recommend changing your password after verification.
Thank you for your prompt attention to this matter.
Sincerely,
PayPal Security Team
Correct! This is a FAKE email (phishing attempt).
This is a phishing email designed to steal your PayPal login credentials. Here are the red flags:
- Suspicious sender address: "security-noreply@paypal-verification.com" is not an official PayPal domain. Legitimate PayPal emails come from the paypal.com domain only
- Urgent language: Creating panic with phrases like "Immediate action required" and "account will be limited"
- Generic greeting: "Dear Customer" instead of using your actual name
- Suspicious link: The "Verify Account" button would lead to a fake website designed to steal your login information
- Grammar errors: Several grammar and punctuation mistakes that wouldn't appear in official communications
- Vague threats: Mentions of suspicious activity without specific details
If you're concerned about your PayPal account, never click links in emails. Instead, type paypal.com directly in your browser and log in to check your account status.
From: apple-id-verify@secure-appleid.com
To: johndoe@email.com
Subject: Your Apple ID has been locked for security reasons
Dear Apple Customer,
Your Apple ID has been locked due to too many failed authentication attempts.
We have detected unusual activity on your Apple account and have locked it as a security precaution. This may have happened because of too many failed login attempts or unrecognized changes to your account information.
To unlock your Apple ID and restore access to Apple services, you must verify your account details within 24 hours or your account will be permanently disabled.
If you don't verify your account, you will lose access to:
- App Store
- iCloud services
- iTunes
- Apple Music
- All Apple devices connected to this ID
Thank you for your immediate attention to this matter.
Apple Support Team
Correct! This is a FAKE email (phishing attempt).
This is a phishing email trying to steal your Apple ID credentials. Here are the red flags:
- Fake sender address: "apple-id-verify@secure-appleid.com" is not an official Apple domain. Legitimate Apple emails come from domains like apple.com or icloud.com
- Urgent language: Creating fear with "Your Apple ID has been locked" and setting a 24-hour deadline
- Generic greeting: "Dear Apple Customer" instead of using your name
- Vague information: No specific details about your account that a legitimate email would include
- Suspicious link: The "Verify Now" button would lead to a fake website designed to steal your Apple ID and password
- Threats: Listing all the services you'll lose access to is designed to create panic
If you're concerned about your Apple ID, go directly to appleid.apple.com in your browser to check your account status.
From: security-noreply@google.com
To: johndoe@gmail.com
Subject: New sign-in on Windows device
New sign-in on Windows
Hi John,
Your Google Account was just signed into from a new Windows device. You're getting this email to make sure it was you.
Windows Device
March 27, 2025, 9:42 AM (Eastern Time)
Chicago, United States
Chrome browser
If you didn't sign in recently, someone else might be using your account. Check and secure your account now.
You can also see security activity at:
https://myaccount.google.com/notifications
Best,
The Google Accounts team
Correct! This is a LEGITIMATE email from Google.
This is an authentic Google security alert. Here's why it's legitimate:
- Correct sender address: The email comes from "security-noreply@google.com" - an official Google domain
- Personalized greeting: It addresses you by your first name
- Specific information: It mentions the exact device type, time, location, and browser that accessed your account
- Clear options: It provides multiple action choices, not just a single alarming button
- Non-alarmist tone: The email is informative without creating panic
- Additional verification option: It provides the account activity page URL, which you can type manually if you prefer
Google does send real security alerts when new devices access your account. However, for maximum safety, you can always go directly to myaccount.google.com to check your recent security activity instead of clicking email links.
From: info@netflix-accounts.com
To: johndoe@email.com
Subject: Netflix: Your account is on hold
Hello,
We're having some trouble with your current billing information. We'll try again, but in the meantime you may want to update your payment details.
Your account is on hold because of a problem with your last payment.
Update your payment method by the end of the day to avoid interruption of your service.
If you have questions, we're here to help. Visit the
for more info or contact us.
The Netflix Team
Correct! This is a FAKE email (phishing attempt).
This is a phishing email trying to steal your Netflix login and payment information. Here are the red flags:
- Fake sender address: "info@netflix-accounts.com" is not an official Netflix domain. Legitimate Netflix emails come from netflix.com
- Urgent language: Creating panic with "Your account is on hold" and "by the end of the day"
- Generic greeting: "Hello" instead of using your name (Netflix always addresses you by name)
- Grammar and phrasing errors: Several awkward phrases that Netflix wouldn't use
- Suspicious link: The "Update Your Payment Method" button would lead to a fake website designed to steal your information
- Vague information: No specific details about your account or subscription
If you're concerned about your Netflix account, never click links in emails. Instead, type netflix.com directly in your browser and log in to check your account status.
From: account-security@microsoft.com
To: johndoe@outlook.com
Subject: Microsoft account security alert
Microsoft account security alert
Hi John,
We detected a new sign-in to your Microsoft account.
Windows 11 PC
Thursday, March 27, 2025 10:15 AM (Eastern Time)
Browser: Edge
IP address: 73.45.xxx.xxx
Approximate location: Boston, MA, USA
If this was you, you can safely ignore this email.
If this wasn't you, a person or app might be accessing your account without your permission. To help keep your account secure, we recommend that you review your recent activity and secure your account.
You can also review your recent activity at
Thanks,
The Microsoft account team
Correct! This is a LEGITIMATE email from Microsoft.
This is an authentic Microsoft security alert. Here's why it's legitimate:
- Correct sender address: The email comes from "account-security@microsoft.com" - an official Microsoft domain
- Personal greeting: It addresses you by name
- Specific details: It provides specific information about the device, browser, location, and time
- Multiple options: It gives you both "Yes" and "No" options, not just a single alarming button
- Non-alarmist tone: The email is informative without creating panic
- No request for personal information: It doesn't ask for your password or account details
- Alternative verification path: It provides a direct link to Microsoft's security page that you can type manually
Microsoft does send real security alerts when new devices access your account. However, for maximum security, you can always go directly to account.microsoft.com to check your recent activity instead of clicking email links.
From: customerservice@secure-bankofamerica.com
To: johndoe@email.com
Subject: URGENT: Your Bank of America account has been limited
IMPORTANT: Action Required - Account Access Limited
Dear Valued Customer,
We regret to inform you that your Bank of America account access has been temporarily limited due to failed verification of your information. This decision was made to ensure the safety and integrity of your account.
Our system has detected unusual activity, and we need to verify your identity to restore full access to your account. Failure to verify your information within 24 hours may result in permanent account limitations.
Please note that this issue requires your immediate attention.
For security reasons, please do not reply to this email. If you have any questions, please contact our customer service at 1-800-123-4567.
Thank you for your cooperation and understanding.
Sincerely,
Bank of America Security Team
Correct! This is a FAKE email (phishing attempt).
This is a phishing email trying to steal your banking credentials. Here are the red flags:
- Fake sender address: "customerservice@secure-bankofamerica.com" is not an official Bank of America domain. Legitimate Bank of America emails come from bankofamerica.com
- Urgent language: "URGENT" in the subject line and a "24 hours" deadline to create panic
- Generic greeting: "Dear Valued Customer" instead of using your name
- Vague information: Mentions "unusual activity" without any specific details
- Suspicious link: The "Verify Your Account Now" button would lead to a fake website
- Pressure tactics: Threatens "permanent account limitations" to force immediate action
Legitimate banks never ask you to click email links to verify your identity. If you're concerned about your account, call the official bank number on the back of your card or type bankofamerica.com directly in your browser.
From: security@facebook-support.com
To: johndoe@email.com
Subject: Your Facebook account will be disabled soon
Facebook Account Warning
Dear User,
We have received multiple reports that your account has violated Facebook's Community Standards. As a result, your account is scheduled to be disabled within 48 hours.
If you believe this is a mistake, you must verify your account ownership immediately to avoid account termination. To keep your account active, please confirm your identity by clicking the link below:
If you do not verify your account within 48 hours, it will be permanently disabled and all your data will be lost.
Thank you for your cooperation.
The Facebook Security Team
Correct! This is a FAKE email (phishing attempt).
This is a phishing email trying to steal your Facebook credentials. Here are the red flags:
- Fake sender address: "security@facebook-support.com" is not an official Facebook domain. Legitimate Facebook emails come from facebook.com or facebookmail.com
- Threatening subject line: "Your Facebook account will be disabled soon" creates immediate fear
- Generic greeting: "Dear User" instead of your name (Facebook always uses your name)
- Vague accusations: Claims of "multiple reports" without specific details of what standards were violated
- Urgent deadline: The 48-hour countdown creates pressure to act quickly without thinking
- Extreme consequences: Threatening permanent loss of all your data
- Suspicious link: The "Verify Account Ownership" button would lead to a fake website
If you're concerned about your Facebook account, never click links in emails. Instead, open your browser, go directly to facebook.com, log in, and check your account notifications there.
From: BestBuyInfo@emailinfo.bestbuy.com
To: johndoe@email.com
Subject: Your Best Buy Order Confirmation #BBY0123456789
Thanks for your order, John!
We've received your order and will let you know when it ships. If you chose store pickup, we'll email you when it's ready.
Order Details
Order Number: BBY0123456789
Order Date: March 27, 2025
Total: $259.99
Payment Method: Visa ending in 1234
Items in Your Order
Black - Model: XYZ-123
View or manage your order in
Thank you for shopping at Best Buy!
Correct! This is a LEGITIMATE email from Best Buy.
This is an authentic order confirmation email. Here's why it's legitimate:
- Correct sender address: The email comes from "BestBuyInfo@emailinfo.bestbuy.com" - an official Best Buy domain
- Personal greeting: It addresses you by your first name
- Specific order details: It includes your complete order number, date, and specific product information
- Payment information: It shows only the last four digits of your credit card, not the full number
- No urgent action required: It's simply confirming an order, not asking you to verify anything
- Professional design and writing: No grammar errors or awkward phrasing
Order confirmation emails are common after making a purchase. However, for maximum security, you can always log in to your Best Buy account directly at bestbuy.com to check your orders instead of clicking email links.
From: account-update@amazonn.com
To: johndoe@email.com
Subject: Reset Your Amazon Password - Urgent Security Notice
Amazon Security Alert - Action Required
Dear Customer,
We have detected unusual sign-in activities on your Amazon account. For your protection, we have temporarily limited access to your account until you verify your identity.
Please reset your password immediately to restore full access to your account and protect your personal information and purchase history.
Note: If you don't reset your password within 24 hours, your account will be suspended for security reasons.
If you did not attempt to sign in to your Amazon account recently, please reset your password immediately to secure your account.
Thank you for your cooperation.
Amazon Security Team
Correct! This is a FAKE email (phishing attempt).
This is a phishing email trying to steal your Amazon account credentials. Here are the red flags:
- Fake sender address: "account-update@amazonn.com" uses the misspelled domain "amazonn.com" (note the double "n"). Legitimate Amazon emails come from amazon.com domains
- Urgent subject line: "Urgent Security Notice" creates immediate fear
- Generic greeting: "Dear Customer" instead of using your name (Amazon typically uses your name)
- Vague threat: Mentions "unusual sign-in activities" without specific details
- Time pressure: The 24-hour deadline creates urgency to act without thinking
- Suspicious link: The "Reset Your Password Now" button would lead to a fake website designed to steal your credentials
If you're concerned about your Amazon account, never click links in emails. Instead, open your browser, go directly to amazon.com, log in, and manage your account security settings there.
Key Phishing Warning Signs
Red Flags to Look For:
- Suspicious sender addresses: Check if the email comes from an official domain (e.g., amazon.com vs. amazon-secure-notification.com)
- Urgent or threatening language: Phrases like "account suspended," "immediate action required," or "security breach"
- Generic greetings: "Dear Customer" or "Account Holder" instead of your name
- Poor grammar and spelling: Professional companies have editors and don't make basic language mistakes
- Requests for personal information: Legitimate companies rarely ask for passwords or account numbers via email
- Suspicious links and attachments: Hover over links (without clicking) to see where they really lead
- Time pressure: Setting short deadlines (24-48 hours) to force quick, thoughtless action
- Vague accusations: Mentioning "unusual activity" without specific details
How to Stay Safe:
- Never click suspicious links: Instead, type the company's official web address directly in your browser
- Don't download unexpected attachments: These could contain malware
- Be skeptical of urgency: Legitimate organizations don't pressure you to act immediately
- Use two-factor authentication: This adds an extra layer of security to your accounts
- Keep your software updated: This helps protect against security vulnerabilities
- Report suspicious emails: Forward phishing attempts to the company being impersonated and to reportphishing@apwg.org
- Check the sender address carefully: Look for slight misspellings or additional words in the domain
- When in doubt, call the company: Use the official phone number from their website, not from the email
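The sender-address check described in the lists above, as an added example (not code from this page or its simulator): it classifies a From address as official, look-alike, or unknown, using only the official domains named in this page's explanations. The function names are hypothetical, and treating the label before the TLD as the registered name is a simplifying assumption (no Public Suffix List).

```python
from email.utils import parseaddr

# Official sending domains, exactly as named in this page's explanations.
OFFICIAL = ("amazon.com", "paypal.com", "apple.com", "icloud.com", "google.com",
            "netflix.com", "microsoft.com", "bankofamerica.com", "facebook.com",
            "facebookmail.com", "bestbuy.com")

# The ten From addresses used in the examples on this page.
PAGE_SENDERS = (
    "order-confirmation@amazon.com",
    "security-noreply@paypal-verification.com",
    "apple-id-verify@secure-appleid.com",
    "security-noreply@google.com",
    "info@netflix-accounts.com",
    "account-security@microsoft.com",
    "customerservice@secure-bankofamerica.com",
    "security@facebook-support.com",
    "BestBuyInfo@emailinfo.bestbuy.com",
    "account-update@amazonn.com",
)


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return (verdict, reason); verdict is 'official', 'lookalike' or 'unknown'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown", "no sender domain found"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    labels = domain.split(".")

    # Official: the domain itself or a true subdomain. The leading dot matters:
    # "notamazon.com" ends with "amazon.com" but not with ".amazon.com".
    for official in OFFICIAL:
        if domain == official or domain.endswith("." + official):
            return "official", f"{domain} is under {official}"

    # Assumption: the registered name is the label just before the TLD.
    name = labels[-2] if len(labels) > 1 else labels[0]
    for official in OFFICIAL:
        brand = official.split(".")[0]
        # Slight misspelling, e.g. the double "n" in amazonn.com.
        if edit_distance(name, brand) == 1:
            return "lookalike", f"{name!r} is one character away from {brand!r}"
        # Brand name with additional words, or used as a decoy subdomain.
        if any(brand in label for label in labels[:-1]):
            return "lookalike", f"{domain} contains {brand!r} but is not under {official}"
    return "unknown", f"{domain} matches no listed brand"


def classify_page_samples():
    """Verdict for each of the page's ten sample senders, in page order."""
    return [check_sender(sender)[0] for sender in PAGE_SENDERS]


if __name__ == "__main__":
    for sender in PAGE_SENDERS:
        verdict, reason = check_sender(sender)
        print(f"{verdict:9}  {sender}  ({reason})")
```

The substring rule is a heuristic that errs toward flagging, so an unrelated domain that happens to contain a brand name is also reported as a look-alike. A visible From domain can be forged, so in a mail pipeline this check complements SPF, DKIM and DMARC results rather than replacing them.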
Remember This Golden Rule
When in doubt, don't click. Go directly to the official website by typing the address yourself.
Want More Practice?
Continue building your phishing recognition skills with these resources.
Need Help Right Now?
If you think you've encountered a phishing attempt or may have already been a victim, we're here to help.
In emergency situations involving financial loss, call your bank or credit card company immediately.