How to Spot a Scam Email — 5 Warning Signs That Never Lie
Not every suspicious email is obvious. Some look exactly like real messages from companies you trust. But there are five reliable warning signs that reveal a scam every time — and once you know them, you'll spot fakes within seconds.
Think this email is a scam?
Forward it to us and get a free risk assessment in under 60 seconds.
The Five Warning Signs
Learn These Once — Spot Scams Forever
These five warning signs are present in virtually every scam email. Once you learn to recognize them, you will be able to identify phishing attempts within seconds.
Not every scam email has obvious typos or bizarre claims. The best phishing emails look almost identical to real messages from companies you trust. But there are five reliable indicators that reveal a fake every time.
1. Check the Sender's Email Address
The "From" name might say "Amazon" or "PayPal," but the actual email address tells the real story. Click or tap on the sender's name to reveal the full email address. Legitimate companies send from their own domain — @amazon.com, @paypal.com, @chase.com. Scammers use addresses like @amazon-support-verify.com or @paypa1.com.
2. Hover Over Links Before Clicking
Before clicking any link in an email, hover your mouse over it (on a phone, press and hold). The actual URL will appear. If the email claims to be from Netflix but the link goes to netflix-verify-account.com or any domain that isn't netflix.com, it's a scam.
3. Look for Urgency and Threats
Scam emails almost always create artificial urgency: "Your account will be closed in 24 hours," "Immediate action required," or "Legal proceedings will begin." Legitimate companies give you time to respond and don't threaten you into clicking links.
4. Watch for Requests for Sensitive Information
No legitimate company will ask for your password, Social Security number, or full credit card number through an email link. Banks, government agencies, and tech companies handle sensitive information through their secure websites and apps — not through emailed forms.
5. Notice Generic Greetings
Real emails from companies you do business with usually address you by name. Scam emails often use generic greetings like "Dear Customer," "Dear User," or "Dear Account Holder" because they're sent to thousands of people at once.
Red Flags
- Sender's actual email address doesn't match the company domain
- Links point to domains that aren't the real company website
- Creates urgency — act now or face consequences
- Asks for passwords, SSN, bank details, or credit card numbers
- Uses generic greetings instead of your name
What To Do When You Spot a Scam
What To Do
- Do not click any links or download any attachments
- Do not reply to the email
- Forward it to check@scam.support for confirmation if you're unsure
- Report it as phishing in your email client (Gmail, Outlook, etc.)
- Delete the email
A Note on AI-Generated Scams
Scam emails are becoming more sophisticated thanks to AI. Grammar and spelling mistakes — once reliable indicators — are less common in modern phishing emails. This makes the five warning signs above even more important, as they remain reliable regardless of how well-written the email is.
Sources
- FTC Consumer Information: How to recognize and avoid phishing scams
- FBI IC3 — Internet Crime Complaint Center
- Anti-Phishing Working Group (APWG) — Phishing Activity Trends Reports