
How to Tell If an Email Is a Scam — 7-Point Checklist

Learn the 7 critical signs that an email is a scam. Our checklist helps you identify phishing attempts before you click.

Every day, millions of fraudulent emails land in inboxes worldwide. Some are obvious—the infamous “Nigerian prince” offers that make you laugh. Others are terrifyingly convincing, mimicking your bank, your employer, or a service you actually use. The difference between staying safe and becoming a victim often comes down to knowing what to look for.

In this guide, we’ll walk you through a proven 7-point checklist to identify scam emails before they cause damage.


The 7-Point Scam Email Checklist

Before clicking any link or attachment, run the email through these seven checks:

1. Check the Sender’s Email Address Carefully

This is the first and most critical step. Scammers frequently use email addresses that look legitimate but have subtle differences.

What to look for:

  • Misspelled domain names (e.g., support@amaz0n.com instead of amazon.com)
  • Free email services claiming to be businesses (e.g., Gmail or Yahoo addresses for “bank” communications)
  • Random combinations of letters and numbers

Red flag example: An email from “security@paypa1-support.com” (note the number 1 instead of lowercase L).

If you receive an unexpected email from a company, navigate to their official website directly—not through any link in the email—to log into your account.


2. Look for Generic Greetings and Urgent Language

Legitimate companies usually address you by name. Scammers often use vague, generic greetings because they send thousands of emails at once.

Watch for these phrases:

  • “Dear Customer”
  • “Dear User”
  • “Dear Valued Member”

Urgency is a major warning sign. Scammers create panic to make you act without thinking:

  • “Your account will be suspended in 24 hours”
  • “Immediate action required”
  • “Your payment has failed—update now”

Real organizations give you time to respond. Urgency is a manipulation tactic.


3. Examine Links Before Clicking

This is where many people fall victim. The link looks legitimate, but it leads somewhere dangerous.

How to check:

  • On desktop, hover your mouse over any link (without clicking)
  • Look at the URL that appears—does it match the supposed sender?
  • On mobile, long-press (hold down on) the link to preview the URL

Red flags in URLs:

  • Typos in brand names (micros0ft.com, paypaI.com)
  • Unusual domain extensions (.xyz, .top, .info instead of .com, .org)
  • Extra words or subdomains (amazon-verify.com is NOT amazon.com)
  • IP addresses instead of domain names

Pro tip: When in doubt, manually type the website’s URL into your browser instead of clicking.
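
An added example (not part of the original article) that applies the sender check from step 1 and the URL red flags above to sender addresses and links. The brand allow-list, the look-alike folding table, and the function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions for this example: a short allow-list of brands and their real
# domains, and the three extensions the checklist names as unusual.
REAL_DOMAINS = {"amazon": "amazon.com", "paypal": "paypal.com",
                "microsoft": "microsoft.com"}
UNUSUAL_TLDS = {"xyz", "top", "info"}
# Characters commonly swapped for look-alikes, folded to one form.
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l"})


def skeleton(text):
    """Lower-case and fold look-alike characters so 'paypa1' == 'paypal'."""
    return text.lower().translate(FOLD)


def host_of(value):
    """Extract the host from a URL or from an address such as user@host."""
    if "://" in value:
        return urlsplit(value).hostname or ""
    return value.rsplit("@", 1)[-1].strip("<> ").lower()


def red_flags(value):
    """Return the checklist red flags that apply to a sender or link."""
    host = host_of(value)
    flags = []
    try:
        ipaddress.ip_address(host)
        return ["ip-address"]          # no domain name to inspect further
    except ValueError:
        pass
    if host.rsplit(".", 1)[-1] in UNUSUAL_TLDS:
        flags.append("unusual-tld")
    for brand, real in REAL_DOMAINS.items():
        if host == real or host.endswith("." + real):
            continue                   # genuinely the brand's own domain
        if brand in host:
            flags.append(f"{brand}-in-other-domain")
        elif skeleton(brand) in skeleton(host):
            flags.append(f"{brand}-lookalike")
    return flags
```

An empty result only means none of these specific flags fired; it does not mean the message is safe.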


4. Check for Spelling and Grammar Errors

Professional companies employ editors. Scam emails frequently contain obvious mistakes:

  • Typos in common words
  • Incorrect punctuation
  • Awkward sentence structures
  • Inconsistent formatting

While occasional errors happen in legitimate emails, multiple errors in an email that claims to be from a major organization are a huge red flag.


5. Verify Requests for Personal or Financial Information

Legitimate organizations will NEVER:

  • Ask for your password via email
  • Request full credit card numbers or CVV codes
  • Ask you to confirm sensitive information through email
  • Demand wire transfers or gift card payments

This is critical: If an email asks you to provide, verify, or update personal information—especially financial details—treat it as suspicious. Instead, contact the organization directly through their official channels.

Common scam scenarios:

  • “Your bank account has been compromised—click here to verify”
  • “IRS refund waiting—provide your details”
  • “Netflix payment failed—update your card”

6. Analyze Attachments Carefully

Malicious attachments can install malware, ransomware, or spyware on your device.

Never open attachments if:

  • You weren’t expecting the email
  • The file type seems unusual (especially .exe, .scr, .zip, .jar)
  • The sender is unknown or unverified
  • The filename is vague (“invoice_updated.pdf” from an unknown sender)

Even for known senders: Be cautious. Their account might be compromised. If something feels off, message them through a different channel to confirm they sent it.

Safe rule: When in doubt, don’t open it.


7. Trust Your Gut and Verify Independently

If something feels wrong, it probably is. Your instincts are a powerful defense.

What to do:

  • Don’t respond to suspicious emails
  • Don’t call numbers provided in suspicious emails
  • Don’t click “unsubscribe” links in suspect emails (this confirms your email is active)
  • Contact the organization directly using contact information from their official website

Use the phone: If an email claims to be from your bank, call the number on the back of your card—not a number in the email.


What to Do If You Spot a Scam Email

  1. Don’t click any links or download attachments
  2. Report it to your email provider (Gmail, Outlook, and Yahoo all have built-in reporting features)
  3. Forward suspicious emails to the organization being impersonated (e.g., reportphishing@amazon.com)
  4. Delete the email from your inbox
  5. If you’ve already clicked: Disconnect from the internet immediately and run a malware scan

Stay Safe Online: Additional Protections

Beyond identifying scam emails, consider these security measures:

  • Use a reputable VPN like NordVPN or Surfshark to encrypt your connection and protect your data on public Wi-Fi
  • Enable two-factor authentication on all important accounts
  • Use unique passwords for each account
  • Keep your software updated to patch security vulnerabilities

Final Thoughts

Scammers rely on haste, fear, and curiosity. By following this 7-point checklist—checking the sender, watching for urgency, examining links, spotting errors, protecting your information, avoiding suspicious attachments, and trusting your instincts—you’ll block the vast majority of scam emails before they can do harm.

Stay vigilant. When in doubt, verify through official channels. And remember: if an offer seems too good to be true, it probably is.


Stay safe out there, and keep checking those inboxes carefully.
