📧

Received an Unexpected Email?

Email scams are becoming increasingly sophisticated. Learn how to verify sender authenticity and protect yourself from phishing attacks.

Why Email Remains a Primary Attack Vector

Despite decades of awareness campaigns, email remains the #1 way cybercriminals reach victims. Why? Because it's easy to fake, can look extremely professional, and people check email constantly throughout the day.

In 2024, over 3.4 billion phishing emails were sent daily, with business email compromise (BEC) scams resulting in losses exceeding $2.7 billion in the U.S. alone.

Common Types of Email Scams

🎣 Phishing Emails

What they claim: To be from your bank, a service you use, or a trusted organization requesting you verify account details or reset passwords.

The goal: Steal your login credentials, personal information, or payment details through fake login pages.

Risk level: Very High

Warning signs: Generic greetings, urgent language, suspicious links, requests for sensitive information, poor grammar.

💼 Business Email Compromise (BEC)

What they claim: To be from your CEO, manager, or business partner requesting urgent wire transfers or sensitive information.

The goal: Trick employees into transferring money or revealing confidential business information.

Risk level: Very High

Warning signs: Unusual requests, urgency, slightly altered email addresses, requests to bypass normal procedures.

🏦 Invoice/Payment Scams

What they claim: To be legitimate invoices from vendors, with payment instructions directing funds to scammer-controlled accounts.

The goal: Redirect legitimate business payments to fraudulent accounts.

Risk level: Very High

Warning signs: New payment instructions, urgent payment requests, changes to routing/account numbers.

📦 Fake Shipping Notifications

What they claim: Package delivery issues requiring you to download attachments or click links to track shipments.

The goal: Install malware on your device or steal personal information.

Risk level: High

Warning signs: You weren't expecting a package, suspicious attachments, requests for personal info.

❤️ Romance/Relationship Scams

What they claim: To be someone interested in a relationship, eventually leading to requests for money or gift cards.

The goal: Build trust over time, then exploit emotions for financial gain.

Risk level: Very High (emotionally and financially)

Warning signs: Moving quickly to private email, professions of love early on, reluctance to video chat, financial emergencies.

💻 Tech Support Scams

What they claim: To be from Microsoft, Apple, or antivirus companies warning of infections or expired licenses.

The goal: Get you to call a number, install remote access software, or pay for unnecessary "support."

Risk level: High

Warning signs: Unsolicited security warnings, urgent tone, requests to install software or call immediately.

🚨 The Golden Rules of Email Safety

  1. Never click links in unexpected emails - type URLs directly into your browser
  2. Never download attachments from unknown senders - even if they look legitimate
  3. Never provide passwords or sensitive information via email - legitimate companies never ask
  4. Always verify independently - contact the sender through official channels before taking action

How to Verify Email Authenticity

1. Check the Sender's Email Address Carefully

Don't just read the display name - click to see the actual email address. Scammers use tricks like:

  • Lookalike domains: "paypa1.com" instead of "paypal.com" (1 instead of l)
  • Subdomain tricks: "paypal.secure-login.com" (not owned by PayPal)
  • Similar spellings: "amazn.com" instead of "amazon.com"

2. Hover Over Links (Don't Click)

Before clicking any link, hover your mouse over it to see where it actually goes. If the URL looks suspicious or doesn't match the claimed destination, don't click.

3. Look for Generic Greetings

Legitimate companies usually address you by name. "Dear Customer" or "Dear User" is a red flag.

4. Check for Urgency and Threats

Scammers create artificial urgency: "Account will be closed in 24 hours!" "Urgent action required!" Legitimate organizations give you time to respond.

5. Examine the Language Quality

Poor grammar, spelling errors, awkward phrasing, or inconsistent formatting are warning signs.

6. Verify Requests Independently

If an email asks you to take action (reset password, confirm payment, etc.):

  • Don't use contact info from the email
  • Go directly to the company's official website or app
  • Call using a number you find independently
  • Ask if they sent the email

7. Be Suspicious of Attachments

Never open attachments from unknown senders. Even seemingly harmless files (PDFs, Word docs) can contain malware.

8. Check Email Headers

Advanced users can examine email headers to see the true origin. Most email clients let you view "full headers" or "original message."

Red Flags That Signal a Scam Email

  • 🚩 Unexpected email from a known company or person
  • 🚩 Urgent or threatening language
  • 🚩 Requests for personal or financial information
  • 🚩 Generic greetings ("Dear customer")
  • 🚩 Poor grammar, spelling, or formatting
  • 🚩 Suspicious links that don't match claimed destination
  • 🚩 Unexpected attachments
  • 🚩 Too good to be true offers
  • 🚩 Sender's email address doesn't match official domain
  • 🚩 Requests to bypass normal procedures
  • 🚩 Mismatched or fake company logos
  • 🚩 Asking you to act before verifying

What to Do If You Receive a Suspicious Email

  1. Don't click any links or download any attachments. This is critical to staying safe.
  2. Don't reply to the email. Responding confirms your email address is active.
  3. If it claims to be from a company you use: Don't use any contact information from the email. Go to their official website directly and log in or contact them independently.
  4. Mark it as spam/phishing. Most email services let you report phishing. This helps protect others.
  5. Delete the email. Don't keep it around where you might accidentally click it later.
  6. If you're not sure: Use our email analysis tool below to check the sender's information and see if others have reported issues.
  7. Report it: Forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org and to the FTC at reportfraud.ftc.gov.

What If You Already Clicked or Responded?

If you clicked a link but didn't enter information:

  • Close the browser immediately
  • Run a full antivirus scan
  • Monitor your accounts for unusual activity
  • Change passwords for important accounts

If you entered personal information:

  • Passwords: Change them immediately on the real site, enable two-factor authentication
  • Financial info: Contact your bank/credit card company immediately
  • Social Security number: Consider placing a fraud alert with credit bureaus
  • Report identity theft: Visit identitytheft.gov for recovery steps

If you sent money:

  • Contact your bank or payment service immediately
  • Report to local police and FBI at ic3.gov
  • If you paid with a credit card, dispute the charge
  • If wire transfer, contact the transfer company (though recovery is difficult)

If you downloaded an attachment:

  • Disconnect from the internet immediately
  • Run full antivirus/anti-malware scans
  • Change passwords from a different device
  • Monitor accounts for unauthorized access
  • Consider professional IT help if malware is detected

Protecting Yourself from Future Email Scams

Use Email Security Features:

  • Spam filters: Keep them enabled and mark suspicious emails as spam
  • Two-factor authentication: Enable on all important accounts
  • Email verification: Use services that verify sender authenticity (SPF, DKIM, DMARC)

Practice Good Email Hygiene:

  • Don't publish your email address publicly
  • Use separate emails for different purposes (shopping, banking, personal)
  • Unsubscribe from unwanted mailing lists
  • Don't forward chain emails

Stay Educated:

  • Keep up with latest phishing tactics
  • Train family members to recognize scams
  • When in doubt, verify independently

Use Security Software:

  • Keep antivirus software updated
  • Use anti-phishing browser extensions
  • Keep your operating system and software patched

Verify Email Sender Information

Our email address analysis tool can help you gather context about suspicious senders before you respond or click anything.

What you'll discover:

  • ✓ Domain registration details
  • ✓ Domain age and history
  • ✓ Known spam/phishing associations
  • ✓ User-reported scam patterns

How this helps:

  • ✓ Verify sender legitimacy
  • ✓ Identify newly created domains
  • ✓ See if others reported issues
  • ✓ Make informed decisions

⚠️ Important: This is informational data only. We aggregate publicly available information and user reports. We cannot guarantee accuracy or completeness. This is not a consumer report and may not be used for employment, housing, credit, or insurance decisions. Always verify information independently.

Analyze Email Address →

🔒 Your search is confidential. The sender you research will not be notified.

Related Protection Resources

Recognizing Phishing Attempts

Learn red flags and examples to spot fake emails before you click.

Read Guide →

Protecting Your Personal Information

Lock down social profiles and reduce exposed personal data.

Learn More →

Identity Theft Recovery

Step-by-step actions to take immediately after a compromise.

Get Help →