Accept-all (catch-all) and unknown are not the same as valid. They mean the check could not prove the mailbox is real — treat...
Key Takeaways
- The sender’s real email address is one of the most reliable scam signs. Display names are easy to fake, but the actual sending domain usually gives it away.
- Scammers create urgency because pressure leads to mistakes. Slowing down gives you time to check the details.
- Links are a common phishing tool. Hover before you click, or press and hold on mobile, to see where the link really goes.
- Clean writing and a convincing layout no longer prove an email is legitimate. AI-assisted scams can look polished and realistic.
- When something feels off, verify through the company’s official website or a phone number you already trust. Do not use contact details from the suspicious email.
Scam and phishing emails are more convincing than they used to be. The obvious misspellings and fake inheritance stories are still out there, but they’ve been joined by emails that look like real messages from banks, delivery companies, software tools, and online services. Anyone can be targeted, and the realistic ones are easy to miss on a busy day.
You can usually tell if an email is a scam by checking three things: the sender’s real address, where the links actually go, and what the message is pressuring you to do. From there, the next steps are simple: recognize the red flags, verify the sender safely, and act quickly if you have already responded.
How to Tell If an Email Is a Scam
To tell if an email is a scam, check that the sender’s real address matches the company it claims to be from, hover over links to see where they truly lead, and be wary of urgency, requests for passwords or payment, and offers that seem too good to be true.
Most scam emails use more than one warning sign. A fake bank email, for example, might have an urgent subject line, a slightly misspelled sender domain, and a link that leads to an unfamiliar site. One issue might be easy to overlook, but several together are a clear warning. The red flags below cover the most reliable signs to check first.
1. The sender’s address or domain does not match
This is the most reliable indicator. Every email has a display name, which is the friendly label you see in your inbox, and a real sending address behind it. Scammers often set the display name to “PayPal” or “Amazon Support” while the actual sending address is something entirely unrelated or a convincing near-copy.
Always open the full email address before trusting the message. Watch for lookalike domains such as amazom.com instead of amazon.com, paypa1.com with a number replacing a letter, or netflix-support.info on an unfamiliar extension. These substitutions are easy to miss when you’re moving quickly.
Email spoofing can fake a familiar-looking address, so a correct-looking sender is not proof that the email is safe. For sensitive messages, always verify through a separate channel.
2. The message creates urgency, fear, or pressure
Scammers manufacture panic because rushed decisions make people less careful. Common pressure tactics include account-suspended notices, failed-payment alerts, threatened legal action, and short deadlines that give you 24 hours or less to act.
Treat forced urgency as a warning sign. Real organizations rarely demand instant action by email or attach immediate, irreversible consequences to one missed message. For example, a bank will not close your account in 24 hours without proper notice, and a delivery company will not destroy your parcel because you did not click a link within the hour.
3. It asks for passwords, payment, or personal details
Certain requests are almost always a scam signal:
- Passwords or security question answers
- Full credit or debit card numbers
- Social Security or national ID numbers
- One-time verification codes sent to your phone
- Wire transfers or gift card payments
- Requests to “confirm” account details through a link
Legitimate companies do not ask for passwords by email. They do not ask for gift cards as payment. They also will not ask you to verify sensitive account details through a link in an unexpected message. If an email asks for any of these, treat it as suspicious until you confirm it through an official channel.
4. The links do not go where they claim
Links are the most common delivery mechanism in phishing emails. The visible link text may look safe, such as paypal.com/security, but the real URL can lead somewhere completely different.
Before clicking any link in a suspicious email, hover over it on desktop, and the real destination appears in the browser’s status bar. On mobile, press and hold the link to preview the URL before tapping. If the visible text and real destination don’t match, don’t click.
Also, be careful with shortened links and unusually long URLs. Short links hide the real destination, while long URLs can bury a suspicious domain inside a string of characters. When a link looks familiar, but the URL does not match the official site, verify through a separate route instead.
5. There is an unexpected attachment
Unexpected attachments are a common way scammers spread malware. Be especially careful with files labeled as invoices, receipts, shipping documents, or anything that asks you to enable macros or log in.
Do not open attachments you were not expecting. Banks and reputable companies usually do not send unsolicited attachments. If an invoice comes from a company you do not recognize, or a file asks for your credentials, contact the supposed sender through their official website to confirm whether they actually sent anything.
6. The greeting is generic or impersonal
Mass-sent scam emails use openings like “Dear Customer,” “Dear User,” or “Valued Member” because the sender doesn’t know who you are. A company you have a real account with will typically address you by your name.
That said, a personalized greeting isn’t proof of safety. Some scams include your name because it appeared in a data breach, and sophisticated phishing campaigns pull real names specifically to appear more convincing. A personal greeting reduces suspicion but doesn’t remove the need to check the other signals.
7. The spelling, grammar, or formatting looks off
Obvious misspellings, awkward phrasing, inconsistent fonts, or a stretched logo are signs of a low-effort scam. When something looks like it was assembled quickly or translated poorly, treat that as a warning sign.
However, this is one of the weaker checks today. Scammers can use AI tools to write clean, polished emails that look much more convincing than older phishing attempts. Good grammar does not prove an email is safe. Use design and writing quality as supporting clues. If the email still has a strange sender address, suspicious link, urgent demand, or unexpected attachment, do not trust it just because the wording looks professional.
8. The offer or claim is too good to be true
Unexpected prizes, unclaimed refunds, lottery winnings, inheritances from distant relatives, or rewards programs you never joined are bait. So are messages that promise money but require a small upfront fee or your personal details to claim it (a pattern known as an advance-fee scam).
Remember this rule: if you didn’t enter it, apply for it, or do anything to earn it, treat it as suspicious. Genuine rewards do not appear out of nowhere by email. If an offer requires urgency, your details, or any upfront payment, it’s almost certainly not real.
How to Verify Whether an Email Is Legitimate
Spotting red flags is the first step. When you’re still unsure after checking, there are reliable ways to confirm whether an email is real without engaging with the message itself.
Contact the company through a separate, official channel
The most reliable verification method is to close the email and contact the supposed sender independently. Go to the company’s official website by typing the address directly into your browser (not by clicking any link in the email) and use the contact information there. Alternatively, call a number from official correspondence you’ve already confirmed is genuine.
This works because it bypasses any contact information the scammer controls. If the email is fake, the phone number and support address inside it point back to the scammer. Reaching the company through a channel you already trust means you’re talking to the real organization.
Check the sender address and email headers
Confirm the actual sending address beyond the display name, as explained in Red Flag 1 above. For a deeper check, open the email’s full headers; most email clients include a “show original” or “view raw” option. Inside, look for SPF, DKIM, and DMARC authentication results. A failed or missing authentication result on a message claiming to be from your bank is a strong spoofing signal.
You can also verify the sender’s email address to confirm it actually exists and is associated with a real domain. This is a useful step before responding or taking any action on an unfamiliar sender. Scammers frequently send from disposable email addresses built to be used once and then discarded, which is itself a sign the sender isn’t who they claim to be.
Common Types of Email Scams to Recognize
Scams follow recognizable templates. Knowing the most common types makes them easier to identify on first contact:
- Phishing: Fake login pages that copy banks, email providers, or online platforms to steal your username and password.
- Spoofing and impersonation: A familiar display name paired with a fake or misleading sender address, often pretending to be a colleague, executive, vendor, or support team.
- Invoice fraud and business email compromise (BEC): An unexpected invoice or a request to change payment details, typically impersonating a supplier or an internal finance contact.
- Prize and lottery scams: Winnings from a competition you never entered, requiring a fee or personal details to claim.
- Tech-support scams: Fake virus warnings or security alerts urging you to call a number or install software.
- Delivery and package scams: Missed-parcel notices with links requiring you to pay a customs fee or confirm your address.
- Account-verification scams: Urgent requests to confirm login credentials, typically mimicking platforms you use regularly.
A scam email will usually fit one of these templates closely. Recognizing the type gives you a head start before you even check the sender address or inspect the links.
What to Do If You Receive a Scam Email
Receiving a scam email doesn’t require anything complicated. The response is quick, and acting promptly is most important if you’ve already engaged with the message.
Report, block, and delete the email
If you haven’t clicked anything:
- Do not reply, click links, or open attachments.
- Report the email in your inbox. In Gmail, open the message, click the three-dot menu, and select Report phishing. Other major email providers have similar options.
- Report it to the company being impersonated, using the contact details on its official website.
- For broader reporting, you can also send it to CISA or the FTC.
- Block the sender and delete the email.
Reporting takes less than a minute and helps providers and authorities identify active campaigns and protect other people from the same sender.
What to do if you already clicked or shared information
Act quickly, but do not panic. Scam emails are designed to pressure people into mistakes, and being caught by one does not mean you were careless.
If you clicked a link but did not enter anything, close the page and run a security scan on your device as a precaution.
If you entered credentials or personal information:
- Change the password for the affected account right away.
- Change the password anywhere else you used the same one.
- Turn on two-factor authentication for the affected account.
- Contact your bank or card issuer if you shared financial details.
- Run a security scan to check for anything installed without your knowledge.
- Monitor your accounts and statements over the next few weeks.
- Be careful with follow-up scams, including fake “recovery services” that target people who have already been scammed.
If you shared sensitive identity details, consider placing a credit freeze with the major credit bureaus. This can help prevent someone from opening new accounts in your name.
Trust Your Instincts, Then Verify
Most scam emails give themselves away when you slow down and check the details. When a message pressures you to act immediately, asks for information a real company wouldn’t request by email, or comes from an address that looks slightly wrong, trust that hesitation.
Verify through a separate, official channel. Close the email, go to the company’s real website, and check from there. If the message is legitimate, you will confirm it quickly. If it is not, you avoid clicking, replying, or sharing information with a scammer.
When a sender’s address looks unfamiliar or slightly off, you can verify the sender’s email address before deciding whether to trust it. A quick sender check can remove the guesswork from an uncertain situation.