You receive an email that looks like it is from your bank, a delivery company, or a government agency. It asks you to click a link or provide personal information. But is it real? Over 3.4 billion spam emails are sent every single day, and phishing emails account for the majority of data breaches worldwide.
Why Phishing Emails Are So Dangerous
Phishing emails are designed to look exactly like messages from companies you trust. They copy logos, formatting, and even email addresses to trick you into giving up passwords, credit card numbers, and personal information. The average cost of a phishing attack on a small business is $14,900.
7 Ways to Check If an Email Is Legitimate
1. Check the Sender's Email Address
Hover over the sender's name to reveal the actual email address. Scammers use addresses like "[email protected]" or "[email protected]" that look similar to real addresses but are not.
2. Look for Generic Greetings
Real companies address you by name. Emails that start with "Dear Customer," "Dear User," or "Dear Account Holder" are suspicious.
3. Hover Over Links Before Clicking
Move your mouse over any link without clicking it. Your browser will show the actual URL at the bottom of the screen. If the URL does not match the company's real website, do not click it.
4. Check for Urgency and Threats
Scam emails create artificial urgency with phrases like "Your account will be suspended in 24 hours" or "Immediate action required." Real companies give you reasonable time to respond.
5. Look for Spelling and Grammar Errors
While AI-generated scams are getting better, many phishing emails still contain subtle errors in spelling, grammar, or formatting that real companies would not make.
6. Verify Independently
If an email claims to be from your bank, do not use the phone number or link in the email. Instead, go to the company's website directly by typing the URL in your browser, or call the number on the back of your card.
7. Check the Email Headers
Email headers reveal the true origin of a message. If the email claims to be from a major company but the headers show it originated from a different domain, it is a scam.
What to Do with a Suspicious Email
- Do not click any links or download attachments
- Do not reply with personal information
- Use our Scam Checker to analyze the email
- Forward the email to the company it claims to be from
- Report it to the FTC at ReportFraud.ftc.gov
- Delete the email
How to Protect Your Email
Enable two-factor authentication on your email account. Use a strong, unique password. Be cautious about sharing your email address online. Consider using a separate email for online shopping and signups.