Stories & examples

With the interactive scenarios based on real details below, you can put yourself in the shoes of someone struggling with a phishing attack. Think through how each person could have handled the situation differently. Consider if you might be vulnerable to a similar scam.

With the provided questions and answers for each scenario, you'll learn what to watch out for and how to protect yourself.

Practice your response with these scenarios

Avatar of a fictitious character named "Gilly"

Can you relate?

Avatar of a fictitious character named "Gordon"

What would you do?

Avatar of a fictitious character named "Garmin"

Could this happen to you?


Garmin is an IU graduate student in his final year. He receives a message that seems to be from the head of his department, recommending he attend an upcoming event.

He clicks the “Register” link, which results in a “page not found” notice on an unknown website.Garmin doesn’t realize that by clicking the link, a keylogging malware application was installed on his computer. Later, from that same computer, he makes some online purchases.

pencil writing iconBefore expanding the below sections, write down your responses for yourself. Then compare your answers.

  • Garmin could have tapped the sender's name to check the real reply-to email address. It likely was not a legitimate IU email address, as it is very hard for phishers to spoof the actual reply-to email address of an email.
  • Garmin could have checked if the message had IU's Trusted Security Footer to indicate the message is from a trustworthy sender.
  • Instead of clicking on the link in the email, Garmin could have searched for the name of the event online to see if it is publicized elsewhere and scrutinized all search results carefully. Learn more about how to be sure a website is genuine.
  • If unable to verify the sender's reply-to email address or digital signature, Garmin could have contacted the sender directly by phone to verify the veracity of the message.

  • Keylogging malware tracks all keystrokes made on a keyboard by the targeted user, to look for patterns and possible credential information. This means that in addition to giving up credit card information from his online purchase, any system Garmin logged in to by typing his username and passphrase after the malware was installed is now compromised. This could include email accounts, bank accounts, IU systems, and more.
  • If the phishers gather enough information and access based on Garmin's keystrokes, Garmin's data and finances could be severely compromised beyond quick repair.
  • If the phishers gather enough information and access based on Garmin's keystrokes, IU's data and finances could be severely compromised, depending on what Garmin has access to.

  • Garmin's own personal identity could be compromised, if the phishers uncover enough sensitive data about him using his credentials. This could lead to debt, ruined credit, and other legal and financial issues.
  • As a graduate student at a pivotal time in his early career, this could lead to having a hard time finding job placements, and lead to a continual financial struggle.
  • Scammers using Garmin's IU credentials could steal critical research data from the university, depending on what Garmin has access to as part of his research and studies. 

  1. Contact his campus UITS Support Center to request a temporary passphrase scramble and get help to report the phish.
  2. Ask for help from the UITS Support Center to completely wipe and reset his affected computer.
  3. Change his passphrases for all of his accounts. Start with emails, then go to banks, and so on, in order of highest priority. Begin to use a reputable password manager to make sure passwords are never repeated. Learn more about how to keep your IU passphrase secure.
  4. Monitor his credit reports and credit card statements for fraud. Contact all financial institutions for exact recommended next steps.
  5. Freeze or take other action to protect credit reports.
  6. Strengthen his skills to recognize, rethink, and report phishing attempts in the future.

Now that you have practiced your responses, let's add to your skillset.  

The hook: Follow urgent banking transaction instructions

phishing example of impersonating a manager giving bank wiring instructions

This is an example of a spear phishing email, designed to impersonate a person of authority requiring that a banking or wiring transaction be completed. The request is designed to be urgent to prompt action without thinking. 

Image source: blog article "15 Examples of Phishing Emails from 2016-2017"

The hook: Complete invoice payment or face penalties

phishing example of impersonating a company with an unpaid invoice and requiring payment

This email impersonates a financial institution requiring that an invoice be paid. 

Image source: blog article "15 Examples of Phishing Emails from 2016-2017"

The hook: Enter details to process refund

phishing example of Amazon email notice requiring action to receive refund

This phishing email impersonated Amazon, requiring immediate action in order to receive a refund. Notice several punctuation errors in the text. When hovering over the URL, you would also see a URL domain that was designed to look legitimate, but was not an actual Amazon domain. 

Image source:

The hook: Investigate unusual account activity

phishing example of email from Microsoft tech support

This email makes the recipient concerned about (fake) recent international activity on their account. The email contains a link to review the activity, but the link was not legitimate.

Image source:

The hook: Restart service with payment

phishing example of a Netflix email notification requiring restart action via a link

This email impersonates Netflix, a popular video streaming service, and requires that the recipient click the link to restart a membership. This was a very sophisticated phish, mimicking the service's brand and all the way through to a scam site that collected payment details. 

Image source: blog article "15 Examples of Phishing Emails from 2016-2017"

The hook: Send sensitive information to authority immediately

phishing example of request for recipient to send sensitive info via email

This email impersonates an authority at the company and requires that sensitive information is sent to a third party (a fake accounting firm). While you might not have access to W-2 forms, consider other data you have access to that could be requested by a spammer. Investigate all requests for data extremely carefully and use only approved ways to share sensitive institutional data.

Image source: blog article "15 Examples of Phishing Emails from 2016-2017"