6 Types of Phishing Emails to Keep an Eye on in 2022

6 Types of phishing emails

See GAT Labs
in action

Table of Contents

Phishing is the most common type of successful cyberattacks — which makes it a real threat to businesses of all types and sizes.

While phishing emails target both individuals and organisations, their impact on organizations can be significant, including recovery costs, loss of reputation, data breach fines, and decreased productivity.

The magical formula behind phishing is how they rely on simple psychological tricks, natural human responses, seasonality or global trends. 

This makes them hard to detect and increases their chances of stealing users’ sensitive information or credentials (using fake links or malicious attachments).

Today, as cybercriminals constantly update and polish their phishing scams, poor security practices and lack of employee phishing awareness make users more susceptible to these threats.

‘’Sophisticated phishing emails are behind more than 90% of successful cyberattacks’’ — Mike Rogers, US Chamber of Commerce’s cybersecurity summit.


  1. Phishing Awareness is your users’ first line of defence against phishing emails. Make sure they’re aware of current phishing trends and how to spot and deal with them.
  2. Email Filtering: Email filtering methods vary from Whitelisting certain senders, to enabling pre-delivery email scanning services.
  3. Use Anti-phishing Tools like GAT+ to save your domain from further damage if a phishing email ever gets in.
GAT+ enables Google Workspace Admins to instantly remove phishing emails from every account on their  domain if one ever gets in, thereby preventing further damage.



Complementing our awareness post The 5-Tell Tale Signs of a Phishing Email, make sure to share the below list too with your users:


‘’Malicious emails are up to 600% due to Covid-19%’’ — IBM and Ponemon Institute 2021 study. 

Basically, if there’s a worrying topic related to the pandemic, cyber criminals have sadly found a way to capitalise on it.

Keywords to look out for include: New variant details, Vaccination schemes, Booster shots, Health department guidelines.

See: 5 Pandemic Themed Phishing Emails to Watch Out for



Brand impersonation is one of the most common (and successful)  types of phishing emails, and we don’t expect it to go anywhere in 2022. 

Attackers trick you into thinking they’re someone you can trust enough to give out confidential information to, or click on links they provide.

ALWAYS double check the sender’s email first for inconsistencies.

If it doesn’t look right, check with the brand right away via the official contact details provided on their website.

Keywords to look out for include: Reset Password Required, Update payment information, Click on links, ect. 

Types of phishing emails - Brand Ipersonation



Postage-themed phishing emails have been making the rounds recently, whereby scammers ask you to pay a fee or track a fake package via a malicious link.

Be careful because these emails most often also integrate brand impersonation of well-known postage services, which makes them look more legitimate.

Keywords to look out for include: Failed delivery attempt, Pending customs fees, Tracking links of items you don’t recall ordering.



If an employee receives an email about a promotion or data breach, most likely than not they’ll open it. It’s a natural human response. Which is why these phishing emails get the most clicks.

Email subject lines requesting further actions with a sense of urgency or reward are a phishing classic — even with changing times, trends and subject lines.

Keywords to look out for include: Save your account, Grab your Bonus, Immediate Action required, Your Data will be lost.



This type of phishing emails has been especially targeting Finance employees, preying on their sense of responsibility to check and investigate any payment issues.

They then use fake links, attachments or even PDF files (see below) to steal your credentials, spread malware, etc.

Keywords to look out for include:  Overdue Invoice, Update Payment details, Pending Invoice, PO Attached.

Types of phishing emails invoices
Example of Phishing emails using fake pdf invoices



Finally, fake tax related phishing emails have been super common recently, especially during tax season.

They usually seek things like your Social Security Number, Banking details, or any other confidential information that can be used to impersonate you or hack your account(s).

If you receive a suspicious email purporting to be from a taxation entity, always further investigate before taking any action.

If you’re actually awaiting a tax or wage subsidy refund, contact your tax office first to check its status.

Keywords to look out for include: Your TAX Return for Year X, TAX Account Restricted, TAX Payment Deducted, TAX Refund Due, Update TAX Information.


Closing Thoughts:

While phishing emails keep changing to reflect the issues users care most about, if you look closer you’ll notice that the tell-tale signs don’t change much.

To protect your users and organisation against all types of phishing emails:

Increasing your user’s awareness of phishing is STEP ONE.

Deploying email filtering measures is STEP TWO.

And using Anti Phishing Tools for damage control is STEP THREE.

Stay in the loop

Sign up to our newsletter to get notified whenever a freshly baked blog post is out of our content oven.

Related Posts

Try this Life-Changing Google Workspace Admin Hack

Try this Life-Changing Google Workspace Admin Hack

Here’s the one hack every Google Workspace admin needs to know: Automate all the things – Why waste time and effort on tasks that can …

Read More
Admin, are you Monitoring these Cloud Security Risks?
Cloud Security

Admin, are you monitoring these cloud security risks?

Do you know which are the most significant cloud security risks and how to deal with them? In a cloud-centric world of instant data sharing …

Read More
Quick guide to Data Loss Prevention for Google Chrome (1)
Chrome browsing

Quick guide to Data Loss Prevention for Google Chrome

Why is Data Loss Prevention for Google Chrome important — and how can admins get it right? In a browser-centric world of perpetual data sharing, …

Read More
Common Google Drive Problems for Admins

[Solved] 3 Common Google Drive Admin Problems

Make these Google Drive admin problems simpler with smart fixes Google Drive has completely changed the file sharing, storage and collaboration game over the past …

Read More