The Safe Web Guide.
Is This a Scam Email? The Complete Guide to Spotting Phishing Scams
Scam alerts, Email scams, Phishing trendsMonday, April 6, 2026

Is This a Scam Email? The Complete Guide to Spotting Phishing Scams

We have all been there. You open your inbox while sipping your morning coffee, and there it is: an urgent, brightly coloured message claiming your account is locked, a package could not be delivered, or you owe a large sum of money. Your heart skips a beat. You find yourself staring at the screen, your mind racing as you ask yourself: is this a scam email?

First, take a deep breath. Getting these emails does not mean you have done anything wrong, and simply opening the email usually cannot harm your computer or smartphone. Among all the online threats out there today, scam emails remain the most common. Scammers send out millions of these automated messages every single day, hoping that just one or two people will panic, drop their guard, and click without thinking.

In the cybersecurity world, these deceptive messages are called phishing emails—because the scammer is essentially "fishing" for your personal information, passwords, or bank details. Today, we are going to look at exactly how to spot a phishing email so you can confidently hit the delete button, protect your hard-earned money, and get on with your day.

The Psychology of a Scam: Why We Click

Before we dive into the technical signs of a fake email, it is important to understand why these scams work so well. Scammers are not just computer hackers; they are master manipulators of human emotion. They rely on three main triggers to make you act before you think:

  • Fear and Urgency: This is their favorite tactic. They threaten to close your bank account, cancel your favourite streaming service, or claim you are in trouble with the government. When we are afraid, we rush to fix the problem and forget to check the details.
  • Curiosity: Have you ever received an email about a mysterious package delivery you do not remember ordering? Curiosity pushes you to click the tracking link just to see what it might be.
  • Greed or Excitement: Messages claiming you have won a gift card, inherited money, or are eligible for a massive tax refund use excitement to blind you to the reality of the situation.

Knowing these emotional triggers is your first line of defense. If an email makes you feel sudden panic or extreme excitement, step back. That emotional reaction is exactly what the scammer is banking on.

7 Clear Signs an Email is a Scam

While scammers are constantly updating their tricks, they almost always make the same fundamental mistakes. If you see any of these seven red flags, trust your gut—it is a phishing email.

1. It creates a sense of extreme, artificial urgency

Scammers do not want you to think; they want you to react. They will use aggressive phrases like "Your account will be suspended in 24 hours," "Immediate action required," or "Final Notice." Legitimate banks, utility companies, and retailers will rarely rush you into a panic to solve a customer service issue. They give you time to resolve account problems.

2. The sender's email address looks completely wrong

This is the single best trick for spotting a fake. The display name on the email might clearly say "PayPal Support" or "Amazon Customer Care." However, you cannot trust the display name. If you click or hover your mouse over the name to see the actual underlying email address, the truth is revealed. Instead of ending in @paypal.com, it might look like support@paypal-update-123-secure.com or even a random personal address like john.doe889@gmail.com. Real companies always email you from their official, simple website domain.

3. They ask for sensitive personal information directly

Your bank, the government (like the IRS or HMRC), and major retailers will never ask you to reply to an email with your password, social security number, PIN, or bank account details. If an email asks for this information, it is an absolute guarantee that it is a scam.

4. There is a suspicious button or hidden link

Scam emails usually feature a prominent, brightly coloured button asking you to "Log In Now," "Update Payment," or "Verify Your Identity." Before you ever click a button in an unexpected email, rest your mouse cursor over it (without clicking). A little grey box will pop up at the bottom of your screen showing you where the link actually leads. If the web address looks like a jumbled mess of letters and numbers rather than the company's real website, it is a trap.

5. The greeting is incredibly generic

If you actually have an account with a company, they usually know your name and will address you by it. A typical phishing email is sent out to thousands of people at once, so it often starts with "Dear Customer," "Dear Member," "Valued Account Holder," or just a simple "Hi."

6. Poor spelling, bad grammar, and odd formatting

Many professional scams originate overseas. While they are getting better at translating their messages, you will often spot awkward phrasing, missing words, or strange capitalization. For example, they might write "Kindly update your details immediately to avoiding suspension." A multi-billion dollar company has teams of professional writers and editors; they do not send out emails riddled with basic grammatical errors.

7. The offer is simply too good to be true

If you receive an email out of the blue claiming you have won a contest you never entered, or a brand name company is offering a free television just for filling out a survey, be incredibly skeptical. Scammers use these "prizes" to trick you into entering your credit card details to pay for a tiny "shipping fee"—which then gives them full access to your bank account.

Deep Dive: Real-World Phishing Email Examples

Sometimes, seeing the tricks in action is the best way to learn. Here are four of the most common phishing email examples currently making the rounds.

1. The PayPal Scam Email Example (The Fake Receipt)

You open your inbox to find an official-looking receipt for a large purchase you never made—often for an expensive television, a high-end smartphone, or a cryptocurrency purchase. The email boldly states, "If you did not make this purchase, call our fraud department at this number immediately to cancel the transaction."

  • The Trap: There is no actual purchase, and your account hasn't been charged yet. The scammers desperately want you to call the fake customer service number provided in the email. If you call, a very convincing criminal will answer, pretend to be a helpful agent, and trick you into handing over your bank details or downloading software that gives them control of your computer.

2. The Amazon Scam Email Warning (The Locked Account)

You get an alarming message saying your Amazon Prime account has been locked due to an expired credit card or a billing error. It includes a convenient link to "Update Your Billing Info to Restore Access."

  • The Trap: The link takes you to a beautifully designed, fake website that looks exactly like the real Amazon login page. When you type in your email and password, the scammer records it. When you type in your credit card to "fix" the billing issue, you are actually handing your financial life directly to a thief.

3. The Streaming Service Scam (The Declined Payment)

An email arrives from what looks like Netflix, Disney+, or Spotify. It says your latest monthly payment was declined and your service will be cut off at midnight unless you update your payment details via the provided link.

  • The Trap: Similar to the Amazon scam, this preys on your desire not to lose access to your evening entertainment. It directs you to a fake portal designed purely to steal your credit card numbers.

4. The Fake Delivery Scam (The Missing Package)

You receive an email claiming to be from the postal service, FedEx, or UPS. It says a package could not be delivered because of a missing address or an unpaid customs fee of a very small amount (like $1.99 or £1.50).

  • The Trap: Scammers know that almost everyone is waiting for a package at any given time. By asking for a tiny fee, you might think, "Well, it's only two dollars, I'll just pay it." But to pay it, you have to enter your credit card on their fake site, giving them the ability to drain your account of thousands later.

I clicked a link... what do I do?

Mistakes happen to the best of us. Scammers are professionals, and catching people off guard is their full-time job. If you accidentally clicked a suspicious link, downloaded a file, or provided your information, do not panic. Acting quickly and calmly is your best defense.

  1. Disconnect from the internet: If you downloaded a strange file, the safest first step is to turn off your Wi-Fi or unplug your internet cable. This stops any malicious software from communicating with the scammer's servers.
  2. Change your passwords immediately: If you typed in a password on a fake site, you need to change it right away. Use a different device (like your smartphone if you were on your computer) to go to the real website. Type the website address directly into your browser yourself—do not use the link in the email. Update your password, and if you use that same password on other sites, change those too.
  3. Contact your bank or credit card company: If you entered any financial details, call the phone number printed on the back of your physical bank card immediately. Tell the fraud department exactly what happened. They can freeze your card, stop any pending transactions, and issue you a new card with a new number.
  4. Run an antivirus scan: If you clicked a link that downloaded something to your computer, open your antivirus software and run a full, deep system scan to remove any hidden malware or tracking programs.
  5. Seek recovery help safely: If you unfortunately lost money to the scam, you will likely start searching online for how to get money back from a scammer. You must be incredibly careful here. Your first and only stop should be your bank's official fraud department and your local law enforcement. Never, ever pay an online "recovery service" or "hacker" an upfront fee to get your money back. These are almost always secondary scams targeting vulnerable people who have already been victimised. Real law enforcement agencies do not charge a fee to investigate fraud.

How to Report Scam Emails and Fight Back

Instead of just deleting the email, you can take a few seconds to help protect others. Most email providers (like Gmail, Yahoo, or Outlook) have a "Report Spam" or "Report Phishing" button at the top of the screen. Clicking this helps train your email provider's filters to catch similar scams before they reach your inbox in the future.

You can also forward the scam emails directly to the official companies being impersonated (for example, forwarding PayPal scams to spoof@paypal.com), allowing their security teams to investigate and shut down the fake websites.

The Golden Rule of Email Safety

When in doubt, throw it out. It really is that simple.

If an email claims there is a problem with your bank, your favourite online store, or your government taxes, simply close the email. Open a fresh web browser, type in the company's official website address yourself, log into your account, and check your dashboard. If there is a genuine problem, there will be a clear notification waiting for you inside your secure account.

Stay safe, take your time, trust your instincts, and remember that you are entirely in control of your inbox.

Ready for more insights?