How can I tell if an email is from a scammer?

Check these red flags: 1) Sender email doesn't match official domain (paypal-security@gmail.com is fake, service@paypal.com is real). 2) Generic greetings like 'Dear Customer' instead of your name. 3) Urgent threats ('Account will be closed!'). 4) Suspicious links (hover to see real URL). 5) Poor grammar and spelling. 6) Requests for passwords or sensitive info. Real companies never ask for passwords via email.

What should I do if I clicked a link in a phishing email?

Act immediately: 1) Don't enter any information on the page. 2) Close your browser. 3) If you entered login credentials, change passwords NOW from a different device. 4) Enable 2-factor authentication on all accounts. 5) Run antivirus scan. 6) Monitor bank statements for unauthorized charges. 7) Report to the company being impersonated. Simply clicking usually can't install malware unless you also downloaded something.

How do I verify if an email from my bank is legitimate?

Never trust email alone. Instead: 1) Don't click links in the email. 2) Open a new browser tab and type your bank's URL directly. 3) Log in to your account normally. 4) Check for messages in your secure inbox. 5) Call your bank using the number on your card (not the email). Real banks: Use your name, reference specific accounts, never ask for full passwords, don't create false urgency. When in doubt, call your bank directly.

Can opening a phishing email infect my computer?

Simply opening most phishing emails is safe - modern email clients block automatic downloads. However, you CAN get infected if you: Click links in the email, download attachments, enable macros in documents. To stay safe: Never download attachments from unknown senders, don't click links, keep software updated, use antivirus protection. Preview text is safe, but be cautious with images (they can track when you open emails).

Why does the email look exactly like it's from Amazon/PayPal?

Scammers copy official logos, colors, and layouts perfectly. They can make emails look identical to real ones. This is why you must check: 1) Sender email address (not just display name). 2) Link destinations (hover without clicking). 3) Email headers (technical details). Professional appearance doesn't mean legitimate. Even perfect-looking emails can be scams. Always verify through official channels, not email links.

Is This Email a Scam? Spot Phishing Emails (2025 Guide)

What is Phishing?

Phishing is a cyberattack where scammers send fraudulent emails pretending to be trusted companies (banks, Amazon, PayPal, government agencies) to steal your personal information, passwords, or money.

3.4 billion

Phishing emails sent daily worldwide

Phishing works by exploiting trust and urgency. Scammers know you'll act quickly if you think your bank account is compromised or your Amazon order is delayed.

How Phishing Attacks Work:

Impersonation: Email appears to be from a trusted company
Urgency: Creates panic ("Account will be closed!")
Deception: Includes official-looking logos and language
Action: Asks you to click a link or download attachment
Theft: Fake website steals your login credentials or payment info

7 Red Flags of Phishing Emails

Critical Warning Signs

If an email has even ONE of these red flags, treat it as suspicious:

1. Suspicious Sender Email Address

The #1 way to spot phishing: Check the actual email address, not just the display name.

❌ FAKE

paypal-security@gmail.com
amazon-verify@outlook.com
chase.bank.alert@yahoo.com
support@amazn.com (typo)
noreply@bankofamerica.secure-login.com

✅ REAL

service@paypal.com
ship-confirm@amazon.com
no.reply@chase.com
auto-confirm@amazon.com
alerts@notify.bankofamerica.com

How to check: Click on the sender's name to reveal the full email address. Scammers can make the display name say "PayPal" but the actual address will be fake.

2. Generic Greetings

Legitimate companies use your name. Phishing emails use generic greetings because scammers don't know who you are.

❌ SUSPICIOUS

"Dear Customer"
"Dear User"
"Dear Account Holder"
"Hello Email User"

✅ LEGITIMATE

"Dear John Smith"
"Hello John"
"Hi John,"
Uses your actual name

3. Urgent or Threatening Language

Phishing emails create false urgency to make you act without thinking.

Common Urgency Tactics:

"Your account will be closed in 24 hours!"
"Suspicious activity detected - verify NOW"
"Final notice: Update payment method immediately"
"You have 1 hour to confirm your identity"
"Failure to respond will result in account suspension"

Reality check: Legitimate companies give you reasonable time to respond and offer multiple contact methods. They don't threaten immediate account closure.

4. Suspicious Links

NEVER click links in suspicious emails. Instead, hover your mouse over the link (don't click!) to see where it really goes.

Example: Fake PayPal Email

What you see: "Click here to verify your account: www.paypal.com/verify"

Where it actually goes: paypa1.secure-login.tk (notice the "1" instead of "l")

Red flag URLs:

Shortened links (bit.ly, tinyurl.com)
Misspelled domains (paypa1.com, arnazon.com)
Extra words (paypal-security.com, amazon-verify.net)
Suspicious extensions (.tk, .ru, .xyz)
IP addresses instead of domain names

5. Requests for Sensitive Information

CRITICAL RULE: Legitimate companies NEVER ask for these via email:

🚫 Real Companies NEVER Ask For:

Full passwords
Social Security numbers
Credit card CVV codes
PIN numbers
Full account numbers
Mother's maiden name
Date of birth

6. Poor Grammar and Spelling

Many phishing emails come from non-English speakers or use automated translation, resulting in awkward phrasing.

Example of Poor Grammar:

"Dear valued customer, we has detected unusual activity on you're account. Please to verify your informations immediately or account will be suspend."

However: Some sophisticated phishing emails have perfect grammar. Don't rely on this alone!

7. Unexpected Attachments

NEVER open attachments from unexpected emails, even if they appear to be from known companies.

Dangerous Attachment Types

.exe (executable files)
.zip (compressed files)
.doc or .docx with macros
.pdf from unknown senders
.js (JavaScript files)

Most Common Phishing Scams (2025)

1. Fake Bank Alerts

Subject: "Unusual Activity Detected on Your Account"

Claims: Suspicious charges, need to verify identity, account will be locked

Reality: Banks contact you through secure messages in your online banking portal, not email

2. Amazon/Package Delivery Scams

Subject: "Your Amazon Order Cannot Be Delivered"

Claims: Payment issue, address problem, need to update info

Reality: Check your Amazon account directly (don't click email links)

3. PayPal Account Verification

Subject: "Verify Your PayPal Account to Avoid Suspension"

Claims: Account limited, need to confirm identity

Reality: PayPal never asks you to verify via email links

4. IRS/Tax Scams

Subject: "You Have a Tax Refund Pending"

Claims: Refund available, click to claim

Reality: IRS NEVER initiates contact via email. They send physical letters only.

5. Microsoft/Apple Support Scams

Subject: "Your Microsoft Account Has Been Compromised"

Claims: Security breach, need to reset password

Reality: Go directly to microsoft.com or apple.com to check account status

How to Verify Email Legitimacy

1

Check the Sender Email Address

Click on the sender's name to reveal the full email address. Compare it to the company's official domain.

2

Don't Click Links - Go Direct

Open a new browser tab and type the company's URL directly (google.com, amazon.com, etc.). Log in normally and check for messages.

3

Hover Over Links (Don't Click)

Place your mouse over any links to see the real destination URL. Does it match the official website?

4

Call the Company Directly

Use the phone number on your credit card, bank statement, or the official website. DON'T use numbers in the suspicious email.

5

Check Your Account Directly

Log in to your account through the official app or website. Real alerts will appear there too.

What If I Clicked a Link in a Phishing Email?

Take Action Immediately

Don't panic, but act fast. Here's what to do:

Immediate Actions (Next 5 Minutes):

Don't enter any information on the page you landed on
Close your browser immediately
Disconnect from internet (turn off WiFi/unplug ethernet) if you entered info

If You Entered Login Credentials:

Change passwords NOW from a different device
Enable 2-factor authentication on all accounts
Check account activity for unauthorized access
Alert the real company that your credentials may be compromised

If You Entered Financial Information:

Call your bank immediately using the number on your card
Report fraudulent charges
Request new cards if you gave card numbers
Monitor credit reports for suspicious activity
Consider credit freeze if you gave SSN

Follow-Up Actions:

Run antivirus scan on your device
Update all software (OS, browser, antivirus)
Monitor bank statements for 60+ days
Report to FTC at reportfraud.ftc.gov

Good News:

Simply clicking a link usually can't install malware on modern devices unless you also downloaded and ran a file. The main risk is if you entered information on the fake website.

Protection & Prevention

Email Security Best Practices:

Enable spam filters in your email client
Use 2-factor authentication on all important accounts
Keep software updated (email client, browser, OS)
Use antivirus software with email scanning
Create unique passwords for each account
Use a password manager to generate strong passwords

Safe Email Habits:

Never click links in unexpected emails - go directly to websites
Don't download attachments from unknown senders
Verify requests through official channels
Be skeptical of urgency - legitimate companies give you time
Check sender addresses carefully
When in doubt, call the company using official numbers

Technical Protection:

Email authentication: Look for verified sender badges
Browser warnings: Don't ignore security warnings
HTTPS: Legitimate sites use secure connections
Bookmarks: Bookmark important sites and use bookmarks instead of links

How to Report Phishing Emails

Report to Email Provider:

Gmail: Click "Report phishing" (3 dots menu)
Outlook: Click "Report message" → "Phishing"
Yahoo: Select email → Click "Spam" → "Phishing"
Apple Mail: Forward to abuse@icloud.com

Report to Company Being Impersonated:

Amazon: Forward to stop-spoofing@amazon.com
PayPal: Forward to phishing@paypal.com
Apple: Forward to reportphishing@apple.com
Microsoft: Forward to phish@office365.microsoft.com
IRS: Forward to phishing@irs.gov

Report to Authorities:

FTC: reportfraud.ftc.gov
FBI IC3: ic3.gov
Anti-Phishing Working Group: Forward to reportphishing@apwg.org

💡 Why Reporting Matters

Reporting phishing emails helps email providers improve spam filters and helps authorities track and shut down scam operations. Your report could prevent others from falling victim.

Is This Email a Scam? (2025 Phishing Guide)

Quick Answer

Table of Contents