Americans lost over $2.7 billion to phishing and email scams in 2025, according to the FBI's Internet Crime Complaint Center. The average scam email is getting harder to spot — AI-generated text has eliminated the grammar mistakes that once made fraud obvious. But scam emails still follow patterns, and once you learn them, they become hard to miss. Here are 10 signs that reliably give away a scam email.
1. The Sender Domain Does Not Match the Company
This is the single most reliable indicator. Every legitimate company sends email from its own domain. Chase Bank emails come from @chase.com. Apple emails come from @apple.com. If an email claims to be from Netflix but the sender address ends in @netflix-billing-support.com, it is fake. The real domain is netflix-billing-support.com, not netflix.com.
Click or tap the sender name to reveal the full address. On mobile, this is easy to overlook because apps often show only the display name.
2. The Email Creates Urgent Pressure
Scam emails manufacture urgency because urgency bypasses critical thinking. Common phrases:
- "Your account will be closed in 24 hours"
- "Unauthorized transaction detected — act immediately"
- "Final notice before legal action"
- "Your payment failed — update now to avoid service interruption"
Real companies give reasonable timeframes and send multiple reminders. They do not threaten you in the first email.
3. The Links Go Somewhere Unexpected
Hover over every link before clicking. The visible text might say "Sign in to your account" but the actual URL could point to paypal-secure-login.malicious-site.com. On mobile, long-press the link to preview the URL. If the destination domain does not match the company claiming to send the email, do not click.
4. It Asks for Sensitive Information
No legitimate company asks you to reply to an email with your password, Social Security number, bank account details, or credit card number. Not your bank. Not the IRS. Not Amazon. If an email requests sensitive information by reply, form, or link — it is a scam.
5. The Greeting Is Generic
"Dear Customer," "Dear Account Holder," "Dear User." Companies that have your account typically address you by name. A generic greeting combined with other red flags is a strong indicator. However, some legitimate marketing emails do use generic greetings, so weigh this alongside other signs.
6. There Are Unexpected Attachments
An invoice you did not request. A "voicemail" attached as a file. A "shipping document" for an order you did not place. Unexpected attachments are a primary malware delivery method. Particularly dangerous file types include .zip, .exe, .scr, .docm (Word files with macros), and .html files that load phishing pages locally.
7. The Email Was Not Expected
You did not order anything, apply for any job, enter any contest, or contact any company — but you received an email about a delivery, a job offer, prize winnings, or a support ticket. Unsolicited emails about transactions you never initiated are scams until proven otherwise.
8. The Email Contains Threats
Beyond urgency, some scam emails use explicit threats: "We have a video of you," "Your device has been compromised," "Pay $500 in Bitcoin or your files will be published." These are sextortion scams and ransomware threats. They are almost always bluffs sent to thousands of people simultaneously. Real attackers with actual leverage do not send mass emails.
9. The Reply-To Address Differs from the Sender
Some scam emails spoof the "From" address to look legitimate but set the reply-to as a different address the scammer controls. Check the reply-to field in your email client. If it differs from the sender address, that mismatch is a red flag.
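Signs 1 and 9 can both be read straight from the message headers. The following is an added example, not code from the original article: it parses a raw message and flags a display name that claims a brand the sender address does not belong to, and a Reply-To that points at a different domain. The brand list, the function names and the three sample messages are constructed, and comparing domains rather than full addresses for Reply-To is an assumption made here.

```python
from email import message_from_string
from email.utils import parseaddr

def addr_domain(header_value):
    """Lowercased domain of an address header, or '' if missing."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def belongs_to(domain, expected):
    """True only for the expected domain itself or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)

def header_red_flags(raw_message, brand_domains):
    """Check signs 1 and 9. brand_domains maps brand name -> real domain."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = addr_domain(msg.get("From"))
    reply_dom = addr_domain(msg.get("Reply-To"))
    flags = []
    for brand, real in brand_domains.items():
        # Sign 1: the display name claims a brand the address is not part of.
        if brand.lower() in display.lower() and not belongs_to(from_dom, real):
            flags.append(("sender_domain_mismatch", brand, from_dom))
    # Sign 9: replies would go to a different domain than the sender's.
    if reply_dom and reply_dom != from_dom:
        flags.append(("reply_to_mismatch", reply_dom, from_dom))
    return flags

# Hypothetical brand list and constructed sample messages.
BRANDS = {"Netflix": "netflix.com", "Chase": "chase.com"}
FAKE_SENDER = (
    'From: "Netflix Billing" <support@netflix-billing-support.com>\n'
    "Subject: Your payment failed\n\nUpdate now.\n"
)
FAKE_REPLY_TO = (
    'From: "Chase Alerts" <alerts@chase.com>\n'
    "Reply-To: claims-desk@example.net\n"
    "Subject: Unauthorized transaction detected\n\nReply to confirm.\n"
)
CLEAN = 'From: "Netflix" <info@account.netflix.com>\nSubject: Receipt\n\nThanks.\n'

if __name__ == "__main__":
    for name, raw in [("fake sender", FAKE_SENDER),
                      ("fake reply-to", FAKE_REPLY_TO), ("clean", CLEAN)]:
        print(name, header_red_flags(raw, BRANDS))
```

The second sample passes the sender-domain check because its From address is spoofed, which is why the Reply-To comparison is a separate test.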
10. Something Just Feels Off
Trust your instincts. If an email's tone feels wrong — too formal for a casual service, too casual for a bank, slightly robotic, or just different from how the company normally communicates — that intuition is worth investigating. Combined with any of the signs above, it should prompt a phishing check.
What to Do When You Spot a Scam Email
- Do not click any links or download any attachments.
- Verify independently. Go directly to the company's website by typing the address yourself. Check your account for any real alerts.
- Check with a scam detector. Paste the email text into IsThisAScam.to for an instant AI-powered analysis.
- Report it. Forward phishing emails to reportphishing@apwg.org. Most email providers also have a "Report phishing" option.
- Delete it. Once reported, remove the email to avoid accidentally clicking it later.
Practice With Real Examples
The best way to train your eye is to analyze real scam emails. At IsThisAScam.to, you can paste any suspicious email and see exactly which elements triggered the detection — the domain age, the manipulation language, the URL reputation, and more. Each analysis is a mini lesson in scam detection. Check your first email now — it is free and takes less than 10 seconds.