Scam emails, commonly known as phishing attempts, are designed to trick you into revealing personal information, clicking malicious links, or downloading harmful software. By recognizing key red flags, you can avoid falling victim to these attacks. Based on guidance from cybersecurity experts and government agencies, here are some of the best ways to identify them:
- Examine the sender’s email address closely. Legitimate companies send emails from official domains (e.g., @amazon.com, not @amazon-support.net or a Gmail address). Scammers often use slightly misspelled or fake domains to impersonate trusted sources, such as “micros0ft.com” instead of “microsoft.com.” Hover over or tap the sender’s name to reveal the full address, especially on mobile devices where it might be hidden.
- Look for generic or unusual greetings. Emails starting with “Dear customer,” “Hello user,” or no personal greeting at all are suspicious, as real organizations often use your name if they know you (consumer.ftc.gov). Informal or overly formal language that doesn’t match typical communication from the sender is another clue.
- Check for a sense of urgency or threats. Scammers create panic with phrases like “Act now or your account will be suspended,” “Unauthorized login detected,” or “Claim your reward before it’s too late.” This tactic rushes you into action without thinking critically.
- Inspect links and attachments carefully. Hover over any links (without clicking) to see the actual URL—if it doesn’t match the displayed text or leads to an unfamiliar site, it’s likely a scam. Avoid opening unexpected attachments, especially with file types like .exe or .zip, as they could contain malware. Legitimate companies rarely send links to update payment or login details via email.
- Watch for requests for sensitive information. No reputable organization will ask for passwords, credit card numbers, Social Security details, or other private data through email. If an email demands this, verify by contacting the company directly using a known phone number or website.
- Spot poor grammar, spelling, or formatting errors. Professional emails are typically polished, but scam emails often contain awkward phrasing, typos, or inconsistent branding (e.g., wrong logos or fonts). While not always present in sophisticated attacks, these are common in many phishing attempts.
- Be wary of unexpected or unsolicited messages. If you receive an email about an account issue, prize, or refund you weren’t expecting, treat it with suspicion—especially from first-time senders or those marked as “external” in your email client.
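
The sender-address and link checks from the list above can also be automated. The following is an added example, not part of the original guidance: a Python sketch that flags lookalike or brand-borrowing sender domains and links whose visible text names a different site than their target. The trusted-domain list, the function names and the sample values are assumptions made for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"microsoft.com", "amazon.com"}  # assumption: domains you really deal with
SWAPS = str.maketrans("0135", "oles")      # digit-for-letter swaps, as in micros0ft

def registrable(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def sender_flag(from_header):
    domain = registrable(parseaddr(from_header)[1].rpartition("@")[2])
    if domain in TRUSTED:
        return None
    if domain.translate(SWAPS) in TRUSTED:
        return f"lookalike sender domain: {domain}"
    claims_brand = any(t.split(".")[0] in from_header.lower() for t in TRUSTED)
    return f"claims a trusted brand but is sent from {domain}" if claims_brand else None

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def link_flags(html):
    parser = LinkCollector()
    parser.feed(html)
    flags = []
    for text, href in parser.links:
        shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)  # URL-like link text
        target = urlparse(href).hostname or ""
        if shown and registrable(shown.group(1)) != registrable(target):
            flags.append(f"link text shows {shown.group(1)} but goes to {target}")
    return flags

# Constructed sample input, not taken from a real email.
SAMPLE_FROM = "Microsoft Support <security@micros0ft.com>"
SAMPLE_HTML = '<p><a href="http://login.example.net/reset">https://www.microsoft.com/account</a></p>'
```

Calling `sender_flag(SAMPLE_FROM)` and `link_flags(SAMPLE_HTML)` returns one flag each. A result of `None` or an empty list only means these two heuristics found nothing, so the other red flags still apply.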
To further protect yourself:
- Enable multi-factor authentication (MFA) on your accounts for added security (consumer.ftc.gov).
- Use antivirus software and keep it updated to scan for threats.
- If you suspect a scam, report it: Forward phishing emails to reportphishing@apwg.org, or use tools like the FTC’s reporting site or your email provider’s “Report Phishing” feature.
- If you’ve already clicked a link or shared info, scan your device for malware, change passwords, and monitor accounts for unusual activity.