Scam Emails and Phishing: How to Spot a Fake Before You Click

A scam email — often called "phishing" — is a fake message designed to look like it comes from a company you trust, so you'll click a link, hand over a password, or pay a bogus invoice. They can look very convincing, copying real logos, colors, and wording.

But nearly every phishing email gives itself away if you know where to look. This guide walks you through the tell-tale signs, shows real examples, and explains exactly what to do — including the steps to take if you've already clicked.

Not sure about an email you just received? Paste it into our free scam checker for an instant verdict, or use the checklist below to judge it yourself.

How to tell if an email is a scam

Before you click anything, run through these checks:

  • Look at the real sender address, not just the display name. Scammers show "PayPal Support" but the actual address is something like [email protected]. A mismatched or odd domain is a giant red flag.
  • Hover over links without clicking to see the true destination at the bottom of your screen. If it doesn't match the company's real website, don't click.
  • Watch for urgency and threats — "your account will be suspended," "verify within 24 hours," "payment failed."
  • Check the greeting — "Dear Customer" or "Dear user" instead of your name often signals a mass scam.
  • Notice odd spelling, grammar, or formatting — though AI has made some scam emails cleaner, so a polished email is not automatically safe.
  • Be suspicious of attachments you didn't expect, especially .zip, .html, or files asking you to "enable content."
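
The sender, link, wording and attachment checks above can also be run automatically over a raw message. The Python below is an added example, not part of the original guide; the brand allow-list, the flag names and the sample message (which uses reserved example domains) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRANDS = {"paypal": {"paypal.com"}}  # assumed allow-list: brand -> its real domains
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAINISH = re.compile(r"(?:https?://)?(?:www\.)?([\w-]+(?:\.[\w-]+)+)(?:/\S*)?", re.I)
STOCK_PHRASES = re.compile(r"will be suspended|verify within|payment failed|dear (?:customer|user)\b", re.I)

def belongs(host, domains):  # host is one of the domains or a subdomain of one
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def check_email(raw):
    msg, flags = message_from_string(raw), set()
    name, addr = parseaddr(msg.get("From", ""))
    for brand, domains in BRANDS.items():  # display name vs. real sender address
        if brand in name.lower() and not belongs(addr.rpartition("@")[2], domains):
            flags.add("sender-mismatch")
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if fname.endswith((".zip", ".html")):  # judged by name only, never opened
            flags.add("risky-attachment")
        if fname or part.get_content_maintype() != "text":
            continue  # inspect only inline text/HTML bodies
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        if STOCK_PHRASES.search(body):
            flags.add("stock-phrase")
        for href, text in ANCHOR.findall(body):  # shown link text vs. true target
            shown = DOMAINISH.fullmatch(text.strip())
            if shown and not belongs(urlparse(href).hostname, {shown.group(1).lower()}):
                flags.add("link-mismatch")
    return sorted(flags)

# Constructed sample message (not a real email); every domain in it is a reserved example.
SAMPLE = """From: "PayPal Support" <service@account-check.example>
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html; charset="utf-8"

<p>Dear Customer, your account will be suspended.</p>
<a href="http://paypal.account-check.example/login">www.paypal.com</a>
--B
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"

(placeholder bytes)
--B--"""
```

Calling `check_email(SAMPLE)` returns all four flags. An empty result only means none of these particular checks fired, not that the message is safe.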

Real examples of phishing emails

The most common phishing emails fall into a few buckets:

The account-verification scam: A fake email from "Netflix," "Amazon," "Apple," or your bank says your account is locked and you must "verify" by logging in through their link — which leads to a fake login page that steals your password.

The invoice / payment scam: "Your order of $599 has been processed. To cancel, call this number." You never ordered anything, so you call — and a fake agent talks you into a refund scam.

The boss or coworker scam ("business email compromise"): An email that looks like it's from your manager urgently asks you to buy gift cards or move money.

The delivery / parcel scam: "We couldn't deliver your package — confirm your address and pay a small fee."

The tech-support scam: A fake "virus detected" or "subscription renewing" email pushes you to call a number where they ask for remote access to your computer.

What to do if you clicked or replied to a phishing email

If you only opened the email and didn't click anything, you're almost certainly fine — just delete it. If you went further, act quickly:

1. If you entered a password, change it immediately on the real site, and change it anywhere else you used the same password. Turn on two-factor authentication.

2. If you gave card or bank details, call your bank or card issuer's fraud number (on the back of your card) right away to freeze and reissue the card.

3. If you opened an attachment or installed software, disconnect from the internet and run a full security scan; consider getting help from a trusted technician.

4. If it was a work email, tell your IT or security team at once.

5. Report it — forward phishing emails to [email protected] and file a report at reportfraud.ftc.gov. You can also report to the FBI at ic3.gov.

How to protect your email from scams

A few habits make phishing far less dangerous:

  • Turn on two-factor authentication on your email, bank, and shopping accounts. Even if a scammer gets your password, they can't get in without the second code.
  • Never log in through an email link. Always type the company's address yourself or use your saved bookmark.
  • Use a password manager so each account has a unique password — then one stolen password can't unlock everything.
  • Keep your devices and browser updated to close security holes.
  • Slow down when an email pressures you. Scammers rely on panic. A real company will give you time and a normal way to check.

When in doubt, contact the company directly using a number or website you looked up yourself — never the contact details in the suspicious email.


Frequently asked questions

Is this email a scam if it has my real name in it?

Possibly — scammers often buy lists that include real names and even partial account details, so a personalized greeting doesn't prove an email is genuine. Judge it by the sender's real address, the links, and whether it pressures you to act fast or share sensitive information.

How can I check the real sender of an email?

Tap or click the sender's name to reveal the full email address behind it. Look closely for misspellings or extra words in the domain, like "amaz0n-support.com" instead of "amazon.com." If the domain doesn't exactly match the official company, treat the email as a scam.

Is it dangerous just to open a scam email?

Simply opening an email is almost always safe on modern email apps. The risk comes from clicking links, downloading attachments, or replying with information. If you opened it but did nothing else, just delete it — and report it if you'd like to help others.

I entered my password on a fake login page — what now?

Change that password immediately on the real website, and change it anywhere else you reused it. Turn on two-factor authentication so a stolen password alone can't get anyone in. If it was a banking or payment site, contact that company's fraud line as well.

Where do I report a phishing email?

Forward it to [email protected], and report it to the FTC at reportfraud.ftc.gov. You can also file with the FBI's Internet Crime Complaint Center at ic3.gov. If it impersonated a specific company, most have a phishing report address such as phishing@ that company's domain.