12 Clues That Email You Just Opened Is a Phishing Scam

Scammers know you’re busy and try to make you click fast. They copy real brands, fake urgency, and push you to share info or money. Most traps have tells if you slow down. Use these quick checks to spot trouble and protect your accounts.

What Is a Phishing Scam?

Phishing is a message that pretends to be from a trusted source to steal logins, money, or personal data. Scammers use email, texts, and social posts, then route you to fake sites that harvest credentials. The FTC’s plain-English guide explains common tactics and how to respond, so start with that phishing overview.

1. The “From” Address Is Almost Right

Look for tiny domain tricks: extra letters, swapped characters, odd country codes. I’ve frequently seen a double or triple l or i used in an address, because scammers know we are programmed to see what we expect to see and gloss over little extras like this. Click the sender name to see the full address, then check “reply-to” for a mismatch. If it claims to be internal but routes to a public address, treat it as a fake.
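The two checks described above (a look-alike sender domain and a "reply-to" that points elsewhere), sketched as an added example that is not part of the original article. The allow-list `TRUSTED`, the sample message, and the distance threshold of 2 are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains you really get mail from (hypothetical allow-list).
TRUSTED = ["example.com", "paypal.com"]

# Constructed sample message, not a real email.
SAMPLE = (
    "From: PayPal Support <service@paypalll.com>\n"
    "Reply-To: helpdesk@mailbox.example\n"
    "Subject: Action required\n\nPlease verify your account.\n"
)

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def collapse(s):
    """Squeeze repeated characters: 'paypalll.com' -> 'paypal.com'."""
    return "".join(c for i, c in enumerate(s) if i == 0 or s[i - 1] != c)

def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) turning a into b."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def check_sender(raw):
    """Return findings for a raw message: look-alike From, Reply-To mismatch."""
    msg = message_from_string(raw)
    frm, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if frm not in TRUSTED:
        for good in TRUSTED:
            if collapse(frm) == collapse(good) or edit_distance(frm, good) <= 2:
                findings.append(f"lookalike:{frm}~{good}")
    if reply and reply != frm:
        findings.append(f"reply-to-mismatch:{reply}")
    return findings

if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

The tripled "l" is caught by squeezing repeated letters, and swapped characters are caught by the edit distance, which counts an adjacent swap as a single edit.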

2. Generic Greeting and No Context

“Dear Customer” or “Hi User” is a big red flag, especially if the message references an account you don’t have. Real companies usually personalize and include details you can verify. When in doubt, go to the website yourself using a bookmark, not the email.

Scammers hide bad links behind clean words or buttons. On a computer, hover to preview the real destination; on a phone, long-press before tapping. CISA’s guidance shows how to spot suspicious URLs and avoid click traps in its advice on hovering over links to preview the URL.

4. Weird or Unexpected Attachments

Invoices you weren’t expecting, .zip files, or files that should be PDFs but aren’t can carry malware. If you didn’t ask for it, don’t open it. When something feels off, save the message and report it to the FBI’s Internet Crime Complaint Center.

5. Requests for Passwords or Bank Logins

Legitimate companies don’t ask you to “confirm your password” or “verify account details” by email. Banks also warn consumers not to click login links in unsolicited messages. The FDIC’s consumer guidance on phishing spells out safe steps in its page on how scammers get your information.





6. Demands for Gift Cards, Crypto, or Wires

Crooks love untraceable payments. If an email says pay a tax bill or fee with gift cards, crypto, or a wire, it’s a scam. The IRS reminds taxpayers that it won’t request payments this way in its notice on reporting and avoiding phishing.

7. Threats to Suspend Your Social Security Number

Fear is a favorite hook. If someone claims your number is suspended or you’ll be arrested unless you click or call, ignore it. The Social Security Administration flags these tactics and explains how to spot them in its scam alert guidance.

8. Fake Shipping Alerts and Package Problems

“Your package is on hold—update info now.” These messages push you to a look-alike site to steal card numbers. The U.S. Postal Inspection Service shows common examples and safe steps in its advice on package tracking scams.

9. Bad Grammar Paired With Polished Logos

Logos are easy to copy; consistent tone is not. Watch for odd phrasing, strange spacing, and formatting that doesn’t match the brand. One or two typos happen, but a cluster plus a pushy link is trouble.

10. A Push to Move the Chat Off Email

Scammers often try to switch you to text or messaging apps where they can rush you. If a “support agent” asks for your number or WhatsApp, slow down. The FCC recommends ignoring and reporting suspicious texts, including by forwarding to 7726, in its tips on spam texts and scams.

11. “Re-Authenticate” Pages That Look Close but Not Exact

Fake sign-in pages grab your username and password, then ask for your code. Use multi-factor authentication whenever possible, and prefer options that resist phishing. NIST explains why FIDO/WebAuthn are stronger in its primer on phishing-resistant MFA.

12. Too-Good-To-Be-True Refunds or Prizes

“You’ve won” or “we owe you a refund” is bait. Verify claims on the real website or with the number on the back of your card. For a quick gut check, review USA.gov’s roundup of common online scams and how to avoid them.