Is This Email a Scam? A Quick Checklist
You received an email that feels off. Maybe it is from your bank asking you to verify your account. Maybe it is a shipping notification for something you did not order. Maybe it is from a colleague asking for an urgent wire transfer.
Run through this checklist before you click anything.
The 8-point checklist
1. Check the sender address (not the display name)
The display name can say anything — "Amazon Customer Service", "Your Bank", "IT Department." What matters is the actual email address after it.
- Legitimate: noreply@amazon.com
- Scam: noreply@amazon-support-verify.com
Look at the domain (the part after the @). Is it exactly the company's real domain? Not a lookalike with an extra word hyphenated on, not the company's name used as a subdomain of some other domain, not a misspelling (an "rn" standing in for an "m" is a common one). The converse does not hold: the From address can be forged outright, so a correct-looking sender is not proof on its own. Mail providers that check SPF, DKIM and DMARC usually flag or reject such forgeries, but treat the address as one signal to weigh with the rest of this list.
2. Hover over links (do not click)
Move your mouse over any link in the email and look at the URL that appears in the bottom-left of your browser or email client.
- Legitimate: https://www.paypal.com/activity
- Scam: https://paypal.com.secure-verify.ru/activity
The real domain is in the host name: everything between the :// and the next /, read from the right. In the scam example the host is paypal.com.secure-verify.ru, so the registered domain is secure-verify.ru; the leading paypal.com is just a subdomain the attacker created under a domain they own. A padlock or https:// only tells you the connection is encrypted, not that the site is legitimate; attackers get certificates for their lookalike domains too. On a phone, where there is no hover, press and hold the link to preview its address, or skip the link and open the site yourself.
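To make the hover check concrete, here is an added Python example (not part of the original article) that pulls the host out of a link and derives the registered domain the way you should read it by eye, and that also catches the username-before-the-@ trick and a visible link text that does not match its destination. The trusted-domain allowlist and the two-entry stand-in for the Public Suffix List are assumptions made for the example; a real checker would load the full list from publicsuffix.org.

```python
from urllib.parse import urlsplit

# Registered domains treated as trusted. This allowlist is an assumption made
# for the example; a real deployment maintains its own.
TRUSTED_DOMAINS = {"paypal.com", "amazon.com"}

# Two-entry stand-in for the Public Suffix List: suffixes under which the
# registrable domain has three labels, not two. Assumption for the example; a
# real checker loads the full list from publicsuffix.org.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}


def registered_domain(host: str) -> str:
    """Return the registrable domain of a host, read from the right:
    'paypal.com.secure-verify.ru' -> 'secure-verify.ru'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url: str) -> dict:
    """Classify a link destination the way a careful reader does by hovering.

    Returns the host, its registered domain and a list of plain-English
    warnings; an empty list means an HTTPS link to a trusted domain.
    """
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    if parts.scheme not in ("http", "https"):
        warnings.append(f"unexpected scheme '{parts.scheme}'")
    elif parts.scheme == "http":
        warnings.append("not HTTPS")

    # 'https://paypal.com@evil.example/' puts 'paypal.com' in the user-info
    # slot; the browser actually connects to evil.example.
    if parts.username is not None:
        warnings.append(
            f"'{parts.username}' before the @ is a username, real host is '{host}'"
        )

    # Internationalised labels are encoded as xn--...; they can hide
    # look-alike characters (Cyrillic 'a' for Latin 'a', and so on).
    if host.startswith("xn--") or ".xn--" in host:
        warnings.append("punycode (xn--) label in host; check for look-alike letters")

    # A bank never links to itself by raw IP address.
    if host and host.replace(".", "").isdigit():
        warnings.append("host is a raw IP address")

    domain = registered_domain(host) if host else ""
    if domain not in TRUSTED_DOMAINS:
        warnings.append(f"registered domain '{domain}' is not in the trusted list")
    return {"host": host, "domain": domain, "warnings": warnings}


def check_anchor(visible_text: str, href: str) -> dict:
    """Compare the text a link displays with where it really goes. A mail
    client renders <a href="https://evil.example/">https://www.paypal.com/</a>
    as the PayPal URL; only hovering (or this check) reveals the href."""
    result = check_link(href)
    text = visible_text.strip()
    looks_like_url = "." in text and " " not in text
    if looks_like_url:
        shown = urlsplit(text if "://" in text else "https://" + text)
        shown_host = (shown.hostname or "").lower()
        if shown_host and registered_domain(shown_host) != result["domain"]:
            result["warnings"].append(
                f"link text shows '{shown_host}' but the link goes to '{result['host']}'"
            )
    return result


if __name__ == "__main__":
    for url in ("https://www.paypal.com/activity",
                "https://paypal.com.secure-verify.ru/activity",
                "https://paypal.com@evil.example/"):
        print(url, "->", check_link(url)["warnings"] or "looks fine")
```

The point of reading from the right is that anything to the left of the registered domain is under the attacker's control once they own the domain; the allowlist is what turns "which domain is this" into "is this the domain I expect".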
3. Is there artificial urgency?
Scam emails almost always pressure you to act immediately:
- "Your account will be suspended in 24 hours"
- "Unusual activity detected — verify now"
- "Payment failed — update immediately or lose access"
Legitimate companies rarely threaten immediate consequences by email, and urgency is the lever every scam uses to stop you from checking. If you think the request might be real, verify it through a channel you already trust: the phone number on the back of your card or on the company's website, or the website address you type yourself. Do not use a phone number given in the email either; scammers answer those too.
4. Were you expecting this email?
- Shipping notification but you did not order anything? Scam.
- Invoice from a company you have never used? Scam.
- Password reset you did not request? Someone may be trying to access your account (do not click the link — go to the site directly).
5. Does it ask for sensitive information?
No legitimate company will ask you to reply with:
- Your password
- Credit card numbers
- Social security / national ID numbers
- One-time verification codes
If an email asks for any of these, it is a scam. Period.
6. Are there unexpected attachments?
Be especially suspicious of:
- .exe, .zip, .js and .iso files
- Password-protected archives ("the password is in the email body"); the password exists so that mail scanners cannot look inside
- Word/Excel files that ask you to "enable macros"
If you did not expect a file, do not open it. If someone you know sent an unexpected attachment, verify with them through a different channel before opening.
7. Is the greeting generic?
"Dear Customer", "Dear User", "Dear Account Holder" — legitimate services usually address you by name. Generic greetings suggest the sender does not actually know who you are.
However: targeted phishing, including AI-generated phishing, CAN use your real name, employer and job title, taken from social media or leaked breach data. A personalized greeting does not guarantee legitimacy.
8. Does the Reply-To match the From?
Some scams send from a legitimate-looking address but set the Reply-To header to a different, attacker-controlled address. If you reply, your response goes to the scammer. Most mail clients only reveal the Reply-To when you hit Reply, so look at the address that appears in the To field of your draft, or open the full headers (for example "Show original" in Gmail). A differing Reply-To is sometimes legitimate (ticketing systems and mailing lists set one), so treat it as a warning to weigh with the rest of the list rather than a verdict.
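As an added example (not part of the original article), the following Python script runs checks 1 and 8 over a raw message with the standard library's email module: it compares the From, Reply-To and Return-Path domains and reads the SPF, DKIM and DMARC results in the Authentication-Results header that the receiving server added. The message is constructed for the example and every domain in it is a placeholder.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample (not a real message). The receiving server added the
# Authentication-Results line; every domain here is a placeholder.
SAMPLE_EMAIL = """\
From: "Amazon Customer Service" <noreply@amazon.com>
Reply-To: support@amazon-support-verify.com
Return-Path: <bounce@amazon-support-verify.com>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=amazon-support-verify.com; dkim=none; dmarc=fail header.from=amazon.com
To: you@example.net
Subject: Unusual activity detected - verify now

Dear Customer, your account will be suspended in 24 hours.
"""


def domain_of(header_value) -> str:
    """'Name <user@host>' -> 'host' (lower-cased); '' when there is no address."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def check_headers(raw_message: str) -> dict:
    """Run checklist items 1 and 8 over a raw message.

    Returns the sender-related domains plus a list of warnings. A differing
    Reply-To is a warning, not a verdict: ticketing systems and mailing lists
    set one legitimately, so weigh it with the rest of the checklist.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    bounce_domain = domain_of(msg.get("Return-Path"))
    auth_results = str(msg.get("Authentication-Results") or "").lower()

    warnings = []
    if reply_domain and reply_domain != from_domain:
        warnings.append(
            f"Reply-To domain '{reply_domain}' differs from From domain '{from_domain}'"
        )
    if bounce_domain and bounce_domain != from_domain:
        warnings.append(
            f"Return-Path domain '{bounce_domain}' differs from From domain '{from_domain}'"
        )
    # SPF, DKIM and DMARC results as recorded by the receiving server. Anything
    # other than 'pass' means the From domain did not vouch for this message.
    for mechanism in ("spf", "dkim", "dmarc"):
        for outcome in ("fail", "softfail", "none", "permerror", "temperror"):
            if f"{mechanism}={outcome}" in auth_results:
                warnings.append(f"authentication result {mechanism}={outcome}")
    return {
        "from_domain": from_domain,
        "reply_to_domain": reply_domain,
        "return_path_domain": bounce_domain,
        "warnings": warnings,
    }


if __name__ == "__main__":
    for line in check_headers(SAMPLE_EMAIL)["warnings"]:
        print("WARNING:", line)
```

The Authentication-Results header is only meaningful when your own mail server wrote it: a sender can include a forged one, which is why receiving servers are expected to strip incoming copies that claim their identity. Read it from the message source your provider shows you, not from a forwarded copy.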
Quick decision tree
- Sender address looks wrong? → Scam. Delete.
- Link URLs do not match the company? → Scam. Delete.
- Creates artificial urgency? → Probably scam. Verify independently.
- Asks for sensitive info? → Scam. Delete.
- Unexpected attachment? → Do not open. Verify with sender.
- Everything looks right but feels off? → Navigate to the service directly (type the URL). Do not use the email link.
What to do when you spot a scam
- Do not click, reply, or open attachments
- Mark as spam in your email client — this trains the filter
- Block the sender
- If you already clicked: if you entered a password, change it immediately from a device you trust (and on every other site where you reused it), enable 2FA, and watch the account for activity you did not initiate. If you opened an attachment, disconnect the machine and report it to your IT or security team rather than trying to clean it up yourself. If money was sent, contact your bank at once.
For a deeper technical analysis of phishing techniques, see The Anatomy of a Phishing Email.