Inbox Intruders: How to Tell if It’s an Email Scam
How do you recognize a phishing email? Even as many of today’s scammers use AI tools to make them look slicker than ever, you can still pick out several telltale signs. What every email scam has in common is that it aims to steal your sensitive data, such as personal and financial info. Other attacks go right for your wallet by selling bogus goods or pushing phony charities. You’ll find scammers posing as big brands, bosses, charities, and more. They might try to trick you into providing info like website logins, credit and debit card numbers, and even some of your most precious personal info like your Social Security number.
How do you spot a phishing email?
Phishing emails are deceptive messages that try to trick you into revealing sensitive information, such as passwords, credit card details, or personal data. They often appear to be from legitimate sources like banks, government agencies, or well-known companies, making them difficult to detect. By knowing the common signs of a phishing email you can better protect yourself from falling victim to these scams.
It’s often poorly written
Emails rife with poor grammar and spelling errors once gave you a pretty good clue that you were looking at an email scam. That’s not always the case anymore. The advent of AI tools has made it much easier for scammers to look and sound convincing. Still, some of these AI-generated emails make mistakes. They repeat info and they don’t have the flow that a professionally written email does. If you spot an email that reads like that, and if it asks for personal info, you might be looking at an email scam.
The logo doesn’t look right
Scammers often steal the logos of the businesses they impersonate, but don’t always use them correctly. The logo in an email scam might have the wrong aspect ratio or look like a low-resolution cut-and-paste job. If the logo and overall design of the email appear shoddy, once again, you might be looking at an email scam.
The URL doesn’t match
Email scams always center around links that you’re supposed to click or tap. Here are a few ways to check whether that link is legitimate:
- On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. On mobile devices, you can carefully check the address by holding down on the link, but not tapping it.
- Take a close look at the addresses the message is using. Often, phishing URLs contain intentional misspellings designed to trick victims. For example, a scammer impersonating the major retailer Target might use a mashed-up URL like “Targetscoupon” and have one of the more obscure domain endings after it, like .ga, .tk, .ml, .shop, or .buzz.
- Scammers also use the common tactic of a link shortener, which creates links that look almost like strings of indecipherable text. These shortened links mask the true address, which might indeed be a link to a scam site.
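The same three checks can be automated for mail you triage in bulk. The following is an added example, not code from the article: it pulls every link out of an HTML message body and flags the signs listed above. The shortener list, the brand-to-domain map, and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Domain endings the article names as common in scam links.
OBSCURE_TLDS = {"ga", "tk", "ml", "shop", "buzz"}
# Assumptions, not from the article: sample shortener hosts and a brand -> real domain map.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
BRANDS = {"target": "target.com"}

class LinkCollector(HTMLParser):  # gathers (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased host of a URL or bare address, minus "www."
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_link(href, text):
    """Return the warning signs the article describes for one link."""
    host = host_of(href)
    # Only compare visible text that itself looks like a web address.
    shown = host_of(text) if "." in text and " " not in text else ""
    lookalike = any(brand in host and host != real and not host.endswith("." + real)
                    for brand, real in BRANDS.items())
    checks = [("obscure-tld", host.rsplit(".", 1)[-1] in OBSCURE_TLDS),
              ("shortener", host in SHORTENERS),
              ("lookalike-brand", lookalike),
              ("text-mismatch", bool(shown) and shown != host)]
    return [name for name, hit in checks if hit]

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample message body, for illustration only.
SAMPLE = ('<a href="http://targetscoupon.tk/win">www.target.com</a> '
          '<a href="https://bit.ly/EXAMPLE">Track your package</a> '
          '<a href="https://www.target.com/orders">View order</a>')
```

Calling `scan_email(SAMPLE)` returns a dictionary keyed by link address; an empty list means none of these signs were found, which is not proof that a link is safe.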
Types of email scams
Aside from phishing, email scams come in other forms, such as lottery scams, fake job offers, advance-fee schemes, and tech support fraud. While scammers continue to evolve their tactics, recognizing common types of email scams can help you avoid becoming a victim. Below, we break down the most prevalent email scams and provide tips on how to protect yourself from these fraudulent schemes.
The CEO scam
This scam appears as an email from a leader in your organization, asking for highly sensitive info like company accounts or employee salaries. In some cases, they ask an employee, perhaps someone working in accounting or payroll, to make a hefty money transfer. The hackers “spoof” or fake the boss’ email address so it looks like a legitimate internal company email. What makes this scam so convincing is that you want to do your job and do what your boss asks. Keep this scam in mind if you receive similar emails. Give the apparent sender a call or speak to them directly and find out if the request is real before acting.
The undeliverable package scam
Here, the scammers send an email that looks like it’s from a well-known shipping company, stating that you have a package that’s logjammed somewhere along the shipping route. To ensure delivery, the scammer asks for one of two things. The first is to open a “shipping invoice” attached to the email. Upon opening it, the attachment tries to install malware on your device. The second is to click a link, which sends you to a phishing site designed to steal personal info.
The “lucky” email
How fortunate! You’ve won a free gift, a coupon deal, or a sweet prize for an all-inclusive trip to Las Vegas. All you need to do is follow a link to pay a small “handling fee” to receive it. Just remember, whatever “limited time offer” you’re being sold, it’s probably an email scam designed to get you to give up your credit card number or identity info. The lure here is something free or exciting — for what appears to be little or no cost to you.
Account suspended scam
Some email scams notify you that your bank or credit card suspended your account due to unusual activity. This scam also extends to things like streaming services and utilities—anything where you have an account on file. Typically, these emails have an urgent tone and want you to “act now,” then direct you to a link that opens to a phishing site asking for info like logins, passwords, payment info, and more.
Charity scams
Sadly, scammers will dive to new lows by impersonating a charitable organization. Charity scam emails tend to pop up around the holidays and in the wake of natural disasters, aiming to take advantage of people’s good will and desire to help. If you’re considering giving, do a background check on the organization to see if it’s legitimate — and how much of the donations they receive go toward their cause. Some charities put more of their donations to work than others, so use resources like Charity Navigator, Better Business Bureau, and Charity Watch for a background check.
How to avoid email scams
While you can’t stop email scams from making their way to your computer or phone, you can do several things to keep yourself from falling for them. Further, you can do other things that might make it more difficult for scammers to reach you.
Pause and think
The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often email scams, such as angry messages from a so-called tax agent looking to collect back taxes. Other messages lean heavily on urgency, like a phony overdue payment notice. During the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you off to a proper e-commerce site, they might link you to a scam shopping site that does nothing but steal your money and the account info you used to pay them. Slow down and review that message with a critical eye. It might tip you off to a scam.
Deal directly with the company or organization
Some email scams can look so convincing that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization involved and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.
Don’t download or open attachments
Some email scams involve attachments packed with malware, like ransomware, viruses, and keyloggers. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person, particularly if you weren’t expecting an attachment from them. Scammers often hijack or spoof email accounts of everyday people to spread malware.
Remove your personal info from sketchy data broker sites
How’d that scammer get your email address anyway? Chances are, they pulled that info off a data broker site. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
Get a scam detector
You can combine your healthy skepticism and awareness with the right technology, like our Web Protection and Scam Detector. Both will alert you if a link you received might take you to a sketchy site. They’ll also block those sites if you accidentally tap or click on a bad link.