How to Recognize a Scam Email
Learn the warning signs of fraudulent emails and protect yourself from phishing, fake invoices, and online scams.
What you will learn
In this guide, you will learn how to identify fraudulent emails (also called “phishing” emails). These are fake messages designed to trick you into giving away your personal information, clicking dangerous links, or sending money. By the end, you will feel confident about which emails to trust and which to delete.
What you need
- Access to your email (on any device)
- A healthy dose of caution
Step-by-step instructions
Step 1: Check the sender’s email address
This is the single most important step. Look at the actual email address, not just the name displayed.
How to check:
- On a computer: hover your mouse over the sender’s name to see the full email address
- On a phone: tap the sender’s name to expand the details
Red flags:
- The address has strange characters: support@amaz0n-security.com (note the zero)
- The domain does not match the company: an email from “Apple” but the address ends in @gmail.com
- Random letters and numbers: noreply@xk93jf.com
A real email from your bank will come from their actual domain, like @yourbank.com. If in doubt, do not click anything. Instead, open your browser and go to the company’s website directly.
Step 2: Look for urgency and fear
Scammers want you to act fast, before you have time to think. Watch for language like:
- “Your account will be closed in 24 hours”
- “Unauthorized access detected on your account”
- “You must verify your identity immediately”
- “Legal action will be taken if you do not respond”
Legitimate companies do not threaten you by email. If something is truly urgent, they will call you or send a physical letter.
Step 3: Examine links before clicking
Never click a link in an email without checking it first.
How to check a link:
- On a computer: hover your mouse over the link (do NOT click). Look at the bottom of your browser or the tooltip that appears. It shows the real web address.
- On a phone: press and hold the link (do NOT tap). A preview will appear showing the real address.
What to look for:
- Does the link go to the company’s real website? https://www.amazon.com/... is real. https://amazon-verify.suspicious-site.com/... is fake.
- Does it start with https://? The “s” means the connection is encrypted. Scam sites can have it too, but real companies always use it.
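Added example (not part of the original guide): Steps 1 and 3 come down to the same check, whether the domain in the address or link really belongs to the company. This Python sketch automates it using the sample addresses from this guide; the BRAND_DOMAINS allow-list, the function names and the URL paths are assumptions made for the example.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allow-list for this example: brand name -> domain it really uses.
BRAND_DOMAINS = {"amazon": "amazon.com", "apple": "apple.com"}

# Digits often swapped in for letters in lookalike domains (the guide's "amaz0n").
DIGIT_TO_LETTER = str.maketrans("0135", "oles")


def on_domain(host, domain):
    """True only if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    # The leading dot matters: "notamazon.com" must not match "amazon.com".
    return host == domain or host.endswith("." + domain)


def sender_flags(from_header):
    """Red flags for a From: header value, following Step 1."""
    name, addr = parseaddr(from_header)
    host = addr.rpartition("@")[2].lower()
    flags = []
    for brand, domain in BRAND_DOMAINS.items():
        if on_domain(host, domain):
            continue  # address really is on this brand's domain
        if brand in name.lower():
            flags.append(f"name says {brand}, address is @{host}")
        if brand in host.translate(DIGIT_TO_LETTER):
            flags.append(f"{host} looks like {brand} but is not {domain}")
    return flags


def link_flags(url, expected_domain):
    """Red flags for a link target, following Step 3."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # hostname is already lower-cased
    flags = []
    if parts.scheme != "https":
        flags.append("not https")
    if not on_domain(host, expected_domain):
        flags.append(f"{host} is not on {expected_domain}")
    return flags
```

An empty list is not proof that a message is safe: a sender address can be faked, and a random domain that names no brand raises no flag here.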
Step 4: Watch for poor writing
Many scam emails contain:
- Spelling mistakes and grammar errors
- Awkward phrasing that does not sound natural
- Generic greetings like “Dear Customer” instead of your actual name
- Inconsistent formatting (different fonts, odd spacing)
Your bank knows your name. If they email you, they use it.
Step 5: Be suspicious of attachments
Never open an attachment you were not expecting, even if it looks like a PDF, invoice, or photo.
Common dangerous attachments:
- “Invoice” or “receipt” you did not request
- “Shipping notification” for something you did not order
- Files ending in .exe, .zip, or .scr
If you receive an unexpected invoice from a company you use, log in to their website directly (not through the email) and check your account there.
Step 6: When in doubt, verify independently
If an email claims to be from your bank, your phone provider, or any company:
- Do NOT click any links in the email
- Open your browser and go to the company’s website by typing the address yourself
- Log in normally and check if there are any real alerts or messages
- Call them using the phone number on their official website (not the number in the email)
This simple step defeats almost every email scam.
Quick reference: safe vs suspicious
| Safe email | Suspicious email |
|---|---|
| Uses your real name | “Dear Customer” or “Dear User” |
| From the company’s real domain | From a strange or misspelled domain |
| No urgent threats | “Act now or else” |
| Links go to the real website | Links go to unknown websites |
| Professional writing | Spelling errors, odd phrasing |
| You expected it | Came out of nowhere |
What to do with a scam email
- Do not click any links
- Do not download any attachments
- Do not reply
- Mark it as spam (this helps your email provider filter future scams)
- Delete it
You do not need to report every scam email. Just delete it and move on. If it claims to be from a company you use and you are worried, contact the real company directly.
Frequently asked questions
What should I do if I already clicked a link in a scam email?
Do not panic. Close the website immediately. If you entered any passwords, change them right away on the real website. If you entered bank information, contact your bank immediately. Run a virus scan on your device if possible.
Can scam emails come from people I know?
Yes. Scammers can fake the sender address to look like someone you know. They can also hack someone's email account and send messages from it. If a message from a friend seems unusual, contact them by phone to verify.
Are scam emails only in English?
No. Scam emails exist in every language. In fact, scams in your native language can be more convincing because they feel familiar.
How do scammers get my email address?
Email addresses are often collected from data breaches, public websites, social media profiles, or simply guessed. This is normal and happens to everyone. The important thing is knowing how to spot the scams.