MailSpoof ships with 45+ professionally crafted phishing templates spanning corporate, financial, social media, cloud, and consumer service attack vectors. Each template includes realistic HTML formatting, spoofed sender identity, and urgency-driven calls-to-action.
Corporate
Payment Authorization - CFO
Critical
Business Email Compromise — CFO impersonation pressuring urgent vendor payment.
HR Benefits Form Update
High
Human Resources Impersonation — fake benefits enrollment form to harvest PII.
Overdue Invoice Reminder
High
Finance Impersonation — fake past-due invoice with payment portal link.
Financial
Account Suspension Notice - Bank Security
Critical
Financial Institution Fraud — suspended account status panel with restore-access link.
PayPal Account Review
High
Financial Services Phishing — unusual activity review to resolve fake limitation.
PayPal Invoice Reminder
Medium
Financial Services Phishing — pending invoice payment CTA.
Security & IT
IT Service Desk - Password Reset
High
Technical Support Fraud — new-device login alert with "Verify Now" link.
MFA Reset Request
Critical
Security Operations Impersonation — expired MFA session re-authentication trap.
Microsoft 365 License Expiry Notice
Medium
Software/License Fraud — license expiration banner with renewal CTA.
Salesforce MFA Reset
High
SaaS Platform Phishing — forced MFA reset to capture credentials.
Apple ID Locked Alert
High
Consumer Account Phishing — sign-in anomaly lock with unlock CTA.
Social Media
LinkedIn Security Verification
High
Social Media Phishing — unusual login activity with verify-account link.
Facebook Policy Violation Review
High
Social Media Phishing — flagged page policy violation with review CTA.
Instagram Support Notice
Medium
Social Media Phishing — sign-in anomaly confirmation to avoid temporary lock.
Twitter/X Account Lock Notice
High
Social Media Phishing — temporary lock due to unusual activity with unlock link.
TikTok Creator Monetization Notice
Medium
Social Media Phishing — monetization eligibility review for creators.
YouTube Copyright Claim Notice
High
Social Media Phishing — fake copyright strike with review/counter-notice CTA.
Snapchat Account Locked
Medium
Social Media Phishing — suspicious activity lock with unlock CTA.
Pinterest Security Check
Medium
Social Media Phishing — new login review to keep boards secure.
Reddit Moderator Action Required
Medium
Social Media Phishing — fake moderator policy review notice.
Discord Trust & Safety Notice
Medium
Social Media Phishing — server compliance review to capture credentials.
Meta Ads Payment Failure
High
Social Media Phishing — ads billing failure with update-billing CTA.
Instagram Ads Policy Notice
High
Social Media Phishing — ads policy violation with review CTA.
LinkedIn Job Offer Confirmation
Medium
Social Media Phishing — fake job opportunity to harvest profile/login info.
Twitch Partner Eligibility Review
Medium
Social Media Phishing — partner review to collect credentials.
Collaboration
Slack Workspace Verification
High
Collaboration Platform Phishing — fake sign-in confirmation for workspace access.
Zoom Account Suspension Notice
High
Collaboration Platform Phishing — suspension threat to prompt verification.
Zoom Recording Share Notification
Medium
Collaboration Platform Phishing — cloud recording share with view link.
Outlook Quarantine Release
High
Email Platform Phishing — fake quarantined message release CTA.
Microsoft Teams Guest Access
Medium
Collaboration Platform Phishing — fake guest team invitation acceptance.
OneDrive Shared Folder Access
Medium
SaaS Platform Phishing — shared folder confirmation for OneDrive/SharePoint.
Google Workspace Sharing Review
Medium
SaaS Platform Phishing — document share review confirmation.
Dropbox File Access Expiring
Medium
File Sharing Phishing — shared file expiry with extend-access CTA.
Developer & Cloud
GitHub OAuth Re-Authentication
High
Developer Platform Phishing — OAuth re-auth for organization repo access.
GitLab OAuth Token Renewal
High
Developer Platform Phishing — token renewal to keep CI/CD access.
GitHub SSO Re-Verification
High
Developer Platform Phishing — SSO session expiration for org access.
Bitbucket Access Review
Medium
Developer Platform Phishing — pending access request review.
AWS Root Access Alert
Critical
Cloud Platform Phishing — root login detection with verify CTA.
Consumer Services
Spotify Payment Verification
Medium
Consumer Service Phishing — billing failure with verify-payment CTA.
Netflix Account Verification
Medium
Consumer Service Phishing — payment verification to continue streaming.
Airbnb Payout Confirmation
Medium
Consumer Service Phishing — payout details confirmation for hosts.
Uber Receipt Verification
Low
Consumer Service Phishing — trip receipt review to harvest billing info.
Amazon Order Verification
Medium
Consumer Service Phishing — fake order confirmation/dispute CTA.
Prime Video Payment Authorization
Medium
Consumer Service Phishing — payment authorization failure with update CTA.
Messaging
WhatsApp Backup Verification
Medium
Messaging Platform Phishing — backup access verification CTA.
Create Your Own Templates
MailSpoof includes an interactive template builder for crafting custom phishing scenarios tailored to your organization's unique threat landscape. Run the create command to start the wizard:
$ mailspoof create
Template name: Custom Invoice
Category: Billing Fraud
Severity: High
Tags: urgent, billing
[+] Template saved: ~/.mailspoof/templates/custom_invoice.txt
Preview & Filter
Preview any template before deploying it, and filter the list by keyword or tag to find the right scenario quickly.
$ mailspoof preview 1
$ mailspoof list --filter ceo
Edit & Remove Templates
Manage custom templates directly from the CLI. Edit opens your default editor (or nano), and remove deletes the custom template file.
$ mailspoof edit-template 6
$ mailspoof remove-template 6