How to Spot Scam Emails (12 Warning Signs of Phishing in 2026)

Last updated: March 2026

If there’s one skill everyone needs to master these days, it’s knowing how to spot scam emails.

Scammers love using email to scam people because it’s simple, low effort, and it works. That’s why learning how to spot scam emails is essential for staying secure online. A single malicious message can trick someone into giving a hacker access to their account, infect their device with malware, or convince them to hand over private information. According to the FBI’s 2024 Internet Crime Report, reported losses from online scams topped $16.6 billion. That’s a 33% increase compared to the previous year, with many individuals losing thousands and in some cases tens of thousands of dollars.

Long gone are the days of easy-to-spot scams claiming to be from a faraway prince who wants to share his millions with you for simply helping him move money out of his country. Those early scams were full of bad grammar, poor spelling, and unbelievable stories. These days, especially with the rise of AI, bad emails are much harder to detect. AI is even helping criminals craft more convincing scam emails, making it more important than ever to be cautious about what messages you open and interact with.

What Is a Scam Email?

A scam email, often called a phishing email, is a fraudulent message designed to trick you into giving away personal information, login credentials, or money. These messages usually impersonate trusted organizations like banks, delivery companies, or technology companies.

The goal is simple: convince you to click a malicious link, download a harmful attachment, or send sensitive information.

Phishing attacks are one of the most common forms of cybercrime today. Attackers send millions of emails hoping that even a small percentage of recipients will fall for the message.

Because criminals now use AI, many phishing emails look extremely convincing. Attackers copy real company logos, mimic legitimate email templates, and sometimes even reference real information about you to appear authentic.

Understanding how these messages work is the first step in protecting yourself.

12 Warning Signs of a Scam Email

Here are the most common warning signs that an email may be a phishing attempt.

  1. The sender address looks suspicious

    Always check the From address. It is your first line of defense. Scammers count on you being too busy to notice that a message comes from something like amazon-support@outlook.com instead of no-reply@amazon.com.

    Attackers also register domains that look almost identical to legitimate ones. For example, they might replace the letter “O” with the number “0”, or use visual tricks like support@rnicrosoft.com. Notice how the “r” and “n” together can look like the letter “m” at a glance? That fake address mimics support@microsoft.com.

    Small details like this are easy to miss when scanning quickly, but catching them can prevent a phishing attack.

  2. Urgent or threatening language

    Phishing emails often try to create panic so you act quickly without thinking.

    You might see messages claiming your account will be locked, a payment failed, or suspicious activity was detected. The email pressures you to click a link or respond immediately.

    Legitimate companies rarely demand immediate action through email alone.

  3. Suspicious links

    Many phishing emails try to trick you into clicking a malicious link.

    Before clicking any link, hover your mouse over it to see the real destination. If the link points to a strange domain or does not match the company sending the email, it is likely a scam.

    For example, a real PayPal email will link to paypal.com, not something like paypal-security-login.net.

  4. Unexpected attachments

    Be cautious of attachments you were not expecting.

    Scammers often send files that appear to be invoices, shipping notices, or scanned documents. Opening these files can install malware or redirect you to a fake login page.

    If you were not expecting the file, verify the message before opening it.

  5. Spelling and grammar mistakes

    With the prevalence of AI these days, this is not as common, but it still happens. Many scam emails contain poor grammar, unusual phrasing, or obvious spelling errors.

    Sloppy language is still a common sign of a phishing attempt. Professional organizations typically proofread official communications carefully.

  6. Requests for passwords or sensitive information

    Legitimate companies will never ask you to send your password, Social Security number, or credit card details through email.

    If a message asks you to reply with personal information or enter it on a linked page, it is almost certainly a phishing attempt.

  7. Generic greetings instead of your name

    Many scam emails start with vague greetings such as:

    Dear Customer
    Dear User
    Hello Member

    Legitimate companies usually address you by your name because they already have your account information. Generic greetings are often a sign that the message was sent to thousands of people at once.

  8. Offers that sound too good to be true

    Everyone has heard the phrase, “If it sounds too good to be true, it probably is.” Promises of prizes, gift cards, or large sums of money in emails are a common sign of a scam.

    If you receive a message saying you won a contest you never entered, it is almost certainly fraudulent. Scammers use these offers to trick people into clicking links or sharing personal information.

  9. The email domain does not match the company

    Even if the sender’s name looks legitimate, the actual domain may reveal the scam.

    Always check the sender’s email domain. If it does not match the company’s official domain, the message may be a scam. Legitimate companies typically only send messages from their official domains.

  10. The email asks you to log in through a link

    A large number of phishing emails attempt to steal login credentials by directing you to a fake login page.

    The message may claim there is a problem with your account and urge you to sign in immediately. Instead of clicking the link, open a new browser tab and go directly to the company’s official website through your normal methods.

  11. Mismatched or shortened URLs

    Phishing emails often hide malicious websites behind shortened links like bit.ly or tinyurl.

    Even when the link looks normal, the destination domain may not match the company name.

    Always check that the website address exactly matches the organization the email claims to be from.

  12. Messages you did not expect

    This is the easiest sign to spot: a message that arrives out of the blue. It could be about account problems, payments, or security alerts. Always treat these messages with caution.

    If you did not request a password reset, place an order, or start an account change, the email may be part of a phishing campaign.
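
The sender checks from signs 1 and 9, written out as an added example (not code from the original article). The brand list, the free-mail list, and the function names are assumptions made for illustration; the sample addresses are the ones quoted in this article.

```python
from email.utils import parseaddr

# Assumed allow-list of brands and their official sending domains (constructed).
OFFICIAL = {"amazon": "amazon.com", "microsoft": "microsoft.com", "paypal": "paypal.com"}
# Assumed list of free-mail providers (constructed).
FREEMAIL = {"outlook.com", "gmail.com", "yahoo.com", "hotmail.com"}
# Swaps the article mentions (rn for m, 0 for o) plus the similar 1-for-l swap.
CONFUSABLES = (("rn", "m"), ("0", "o"), ("1", "l"))


def skeleton(text):
    """Collapse look-alike characters so 'rnicrosoft' compares equal to 'microsoft'."""
    text = text.lower()
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text


def check_sender(from_header):
    """Return a list of warnings for one From: header value (empty list = no warning)."""
    display, address = parseaddr(from_header)
    local, _, domain = address.lower().rpartition("@")
    if not domain:
        return ["no usable sender address"]
    warnings = []
    for brand, official in OFFICIAL.items():
        if domain == official or domain.endswith("." + official):
            continue  # the official domain or one of its subdomains
        if brand in skeleton(domain) and brand not in domain:
            # Brand only appears after undoing character swaps: a visual look-alike.
            warnings.append(f"look-alike of {official}: {domain}")
        elif brand in domain:
            # Brand spelled correctly but embedded in some other domain.
            warnings.append(f"{brand} name inside unrelated domain: {domain}")
        elif brand in skeleton(display + " " + local):
            # Display name or mailbox claims the brand; the domain does not back it up.
            kind = "free-mail" if domain in FREEMAIL else "unrelated"
            warnings.append(f"claims {brand} but sent from {kind} domain {domain}")
    return warnings


if __name__ == "__main__":
    for header in (
        "no-reply@amazon.com",
        "Amazon Support <amazon-support@outlook.com>",
        "Microsoft <support@rnicrosoft.com>",
        "support@amaz0n-security.com",
    ):
        print(header, "->", check_sender(header) or "no warning")
```

A clean result only means the address passed these string checks; the From header itself can be forged, so the link and content signs above still apply.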

Real Examples of Scam Emails

Scam emails usually follow recognizable patterns. Here are a few common examples.

Fake Account Security Alerts
Example subject line: “Your account has been locked. Verify immediately.”

These messages claim your account was compromised and pressure you to click a link to restore access. The link usually leads to a fake login page designed to steal your password. If you log in, they get your email and password and take over your account.

Fake Package Delivery Notices
Example subject line: “Delivery failed. Confirm your address.”

These emails often impersonate companies like FedEx, UPS, or DHL. The message asks you to click a link to reschedule delivery. Instead, the link installs malware or steals login credentials.

Prize or Lottery Emails
Example subject line: “Congratulations! You have won $500,000.”

If you never entered a contest, you did not win a prize. Lottery scams are one of the oldest forms of online fraud.

How to Check if an Email Is Really From the Company

If you receive a suspicious email, take a moment to verify it before clicking anything.

Check the sender address

Scam emails often use addresses that look similar to those of legitimate companies. Example: support@amaz0n-security.com. At first glance it looks real, but the domain is not actually Amazon.

Hover over links

I can’t stress this enough: always, 100% of the time, hover your mouse over a link before clicking it to see where it actually leads. Most email programs will display the destination URL in a small popup. If the URL looks strange, is misspelled, or simply doesn’t match the message, don’t click it.

A domain name that doesn’t match the company sending the email is one of the strongest signs that it might be a bad link.

Example 1
You receive an email that appears to come from Walmart, but the link directs you to: https://billsgarden2supply.com. Walmart emails should link to walmart.com. If the domain is completely unrelated to the company, the message is almost certainly a phishing email.

Example 2
You receive an urgent email claiming your bank detected fraud and you must respond immediately. The link in the email goes to https://teacup-treeservices26.net/online-banking. Legitimate banks will always use their official domain name. If the link points to a random website, it is a clear warning sign.

Example 3
You receive a message that appears to be from Microsoft saying you must sign in right away to secure your account. The link directs you to: https://hessenhouse-treecare55.org/secure-online. Attackers often use completely unrelated websites to host fake login pages designed to steal your credentials.

Tip: On a mobile device, you can view the underlying URL of a link by pressing and holding it. Keep your finger on the link until a preview or popup appears. If you release too quickly, the link may open instead of showing the URL.
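
What hovering does by eye can also be done over the raw HTML of a message. The following is an added example, not code from the original article: it lists every link whose real destination does not belong to the company the email claims to be from, whose visible text shows a different site than the link target, or that goes through a shortener. The sample body is constructed from the Walmart example above, and the bit.ly path is a placeholder.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com"}  # the shorteners named in this article

# Constructed sample body: claims to be Walmart, as in Example 1.
SAMPLE_BODY = """
<p>Dear Customer, your order could not be delivered.</p>
<a href="https://billsgarden2supply.com">https://www.walmart.com/orders</a>
<a href="https://bit.ly/example">Track your package</a>
<a href="https://www.walmart.com/help">Help center</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html_body, expected_domain):
    """Return (href, reason) pairs for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if not host:
            continue  # mailto:, anchors and similar have no web destination
        if host in SHORTENERS:
            findings.append((href, "shortened link hides the destination"))
        elif host != expected_domain and not host.endswith("." + expected_domain):
            findings.append((href, f"destination {host} is not {expected_domain}"))
        shown = text.lower()
        if "." in shown and " " not in shown:  # the visible text is itself a URL
            shown_host = urlsplit(shown if "://" in shown else "//" + shown).hostname
            if shown_host and shown_host != host:
                findings.append((href, f"text shows {shown_host} but link goes to {host}"))
    return findings


if __name__ == "__main__":
    for href, reason in audit_links(SAMPLE_BODY, "walmart.com"):
        print(f"{href}: {reason}")
```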

Contact the company directly

If you are unsure, open a new browser tab and visit the company’s official website.

Never use the phone number or link included in the suspicious email.

What To Do If You Get a Suspicious Email

Don’t click: Do not click any links or download attachments.

Mark as spam: Once you spot scam emails, use your email app’s built-in tools to “Report spam” or “Report phishing”. This helps block similar messages in the future.

Report it: Notify the real company if the email pretends to be from one you use. Fake IRS, Treasury, and tax-related scams are also very common these days. If you get one of those you can report it directly to the IRS at phishing@irs.gov or through their official reporting page.

Delete it: Once you’ve reported or flagged it, delete the message so you don’t accidentally open it later.

What NOT To Do

Do not reply to suspicious emails: Once you spot scam emails, never reply to ask if someone was hacked. I’ve personally seen attackers respond to these kinds of messages pretending everything is fine, which only keeps the conversation going and increases your risk. If you want to verify whether an email is legitimate, contact the person by other means such as calling them using a known phone number from your address book.

Do not forward suspicious emails: Forwarding a suspicious message can spread it around and put others at risk of clicking on bad links or attachments.

Do not click unsubscribe links in scam emails: Only use an unsubscribe link if it’s from a legitimate company you recognize or something you actually signed up for. In scam emails, those links are often fake and can confirm your address as active, leading to even more spam.

Do not open unexpected attachments: Even if the message appears to be from a friend or coworker, that doesn’t mean it’s safe. If their account was hacked, the attacker could be using it to send infected files to everyone in their contact list.

Do not call phone numbers listed in the email: This type of scam is more common than ever. Entire call centers exist where fake “customer service” agents are ready to trick you into giving up personal information or paying for fake support.

Do not trust pop-up warnings: These alerts often appear after clicking a malicious link and are designed to make you download “security software” that is actually malware.

What Happens If You Click a Phishing Email?

Clicking a phishing email does not always mean your device is infected, but it can still be dangerous.

Common outcomes include:

  • giving your login to criminals by entering credentials on a fake website
  • having malware downloaded to your machine
  • getting spyware or ransomware
  • exposure of personal or financial information

If you believe you clicked a malicious link, immediately change the password for the affected account and enable two-factor authentication. If you are not already using it, check out my Two-Factor Authentication 101 article to learn why this is a critical step in protecting your accounts.

If the compromised account is your email account, it is especially important to secure it quickly because email access can allow attackers to reset passwords for other services.

Identity theft is also a very real outcome when phishing attacks succeed. Once an attacker has your login credentials or personal information, they can use it to open accounts, apply for credit, or sell your details to other criminals. If you believe your personal information was exposed as a result of clicking a phishing link, take a look at our Identity Theft 101 guide for a clear breakdown of what to watch for and the steps you should take to protect yourself.

Protect Yourself Going Forward

The best protection combines awareness with a few reliable tools that make bad emails easier to avoid.

Email Services and Spam Filters:
Email providers like Gmail, Outlook.com, and iCloud Mail do a good job of blocking most junk and phishing messages before they reach your inbox. But no system is perfect, and a few bad emails will still sneak through from time to time. Always keep your built-in spam filtering turned on and report suspicious messages using the provider’s built-in tools. Doing this helps the email service learn to spot and block similar messages in the future for you and for everyone else.

Antivirus and Anti-Malware:
Scans attachments, blocks infected downloads, and helps protect your computer if you accidentally click something you shouldn’t.
Examples: Bitdefender, Malwarebytes

Password Manager:
Keeps your logins safe and unique, reducing the risk if one account is ever compromised.
Examples: Keeper, 1Password, NordPass

VPN:
Adds another layer of privacy and protection, especially when you’re using public Wi-Fi.
Examples: NordVPN, ExpressVPN

Final Thoughts

Bad emails are getting harder to spot, and that trend is not going to reverse. AI has made it easier than ever for scammers to write convincing messages that look and sound like they came from a real company. The old giveaways, like broken English and obvious spelling mistakes, are becoming less reliable. What has not changed is the playbook they use: urgency, fear, fake links, and pressure to act fast. Those tactics are still front and center in almost every phishing attempt you will ever see.

The good news is that awareness is genuinely your best defense here. You do not need to be a cybersecurity professional to protect yourself. You just need to slow down for a few seconds before clicking anything. Check the sender address. Hover over links. Ask yourself whether you were expecting this message. Those three habits alone will stop the vast majority of scam emails in their tracks.

No tool, filter, or software replaces that moment of pause. Spam filters help. Antivirus software helps. But attackers are constantly tweaking their approach to get past automated defenses. Your own skepticism is the one thing they cannot easily program around.

If you do get caught and click something you should not have, do not panic. Change your password immediately, turn on two-factor authentication if it is not already active, and keep an eye on your accounts. One mistake does not have to become a disaster if you respond quickly.

Stay skeptical, stay curious, and never let anyone rush you into a decision through your inbox.

FAQ

Can you get hacked just by opening an email?

In most cases, simply opening an email will not get you hacked. The real danger comes from what you do next. Clicking a malicious link, downloading an attachment, or entering your information on a fake login page are where things go wrong. That said, some older or unpatched email clients have had vulnerabilities that allowed attacks just from opening a message, which is one more reason to keep your software and apps up to date.

Start by checking the sender’s email address, not just the display name. Look for mismatched domains, strange spellings, or addresses that use free services like Gmail or Outlook for what claims to be a company email. Then hover over any links before clicking to see where they actually lead. If the email is pushing you to act fast, asking for personal information, or just feels off, trust that instinct and verify through the company’s official website directly.

Do not panic, but do act quickly. Close the page immediately and do not enter any information. Change the password for the account that was targeted right away, and turn on two-factor authentication if you have not already. If you downloaded anything, run a scan with your antivirus software. If the affected account is your email, securing it is especially urgent since attackers can use email access to reset passwords on your other accounts.

Artificial intelligence has made it much easier for scammers to write polished, convincing messages at scale. The old giveaways like broken English and obvious spelling mistakes are becoming less common. Attackers now copy real company logos, mimic legitimate email templates, and can even personalize messages using information found about you online. The playbook has not changed, but the production quality has, which is why checking links and sender addresses matters more than ever.

Yes, more than most people realize. With just your email address, a scammer can target you with phishing attempts, try to reset passwords on accounts tied to that address, or add you to spam and scam lists. If they also know your name or other basic details, they can make those attempts much more convincing. It is one of the reasons being cautious about where you share your email, and monitoring for unusual account activity, is worth the effort.

Michael Kendrick

Director of IT and former Certified Registered Locksmith with 27 years in technology and cybersecurity. Practical, everyday guidance to help you protect everything from the locks on your doors to the logins on your accounts.