Email Scam Checker

Paste the email body below. Add headers for more accurate domain verification.

Warning signs to look for

Sender domain mismatch

The display name says 'PayPal' but the actual email is from paypa1-support.com.

Urgent action required

Scam emails create panic: 'Your account will be closed in 24 hours.'

Suspicious links

Hover over links before clicking. The URL often reveals a fake domain.

Generic greeting

Legitimate services address you by name, not 'Dear Customer'.

Requests for credentials

Banks never ask for your password or full card number via email.

Too good to be true

Unexpected prizes, inheritances, or lottery wins are almost always scams.

What is email phishing?

Email phishing is a type of cyberattack where criminals send fraudulent emails that appear to come from legitimate organizations — banks, PayPal, Amazon, Apple, or government agencies — to trick recipients into revealing passwords, credit card numbers, or personal information.

According to the FBI's Internet Crime Report, phishing is consistently the most common type of cybercrime reported. In 2024, over 3.4 billion phishing emails were sent every single day. The global cost of phishing attacks exceeded $1 trillion in losses to individuals and businesses.

What makes phishing so dangerous is how convincing modern scam emails have become. Attackers use real company logos, mimic official email templates, and create fake websites that look pixel-perfect. Without careful inspection, even tech-savvy users can be fooled.

Most common types of email scams

Bank and financial institution impersonation

Scammers send emails pretending to be from your bank, PayPal, Revolut, or other financial services, claiming your account has been suspended or that unusual activity was detected. The goal is to get you to click a link leading to a fake login page that steals your credentials.

Tech company impersonation

Fake emails from Apple ("Your Apple ID has been compromised"), Microsoft ("Your account will be deactivated"), or Google ("Security alert for your account") are among the most common, redirecting to convincing fake login pages.

Package delivery scams

Fake DHL, FedEx, UPS, or USPS emails claim a package is being held due to an unpaid customs fee. The small fee ($2–$5) they request is a pretext for stealing your payment card details.

Advance fee fraud

An email from a stranger claims they need help transferring large funds and promises a generous cut. Any money you send is gone, and the promised transfer never materializes.

Prize and lottery scams

"Congratulations — you've been selected as our weekly winner." You never entered any competition. These scams ask for a "processing fee" to claim a prize that doesn't exist.

How to identify a phishing email: 8 red flags

  1. Sender domain mismatch: The display name says "PayPal Support" but the actual address is paypal-support@random-domain.com.
  2. Generic greeting: "Dear Customer" instead of your actual name. Legitimate services know who you are.
  3. Urgency and threats: "Your account will be closed in 24 hours." Pressure tactics designed to bypass rational thinking.
  4. Suspicious links: Hover over links before clicking. If the URL doesn't match the official domain, don't click.
  5. Requests for sensitive information: No legitimate company asks for your password or full card number via email.
  6. Unexpected attachments: Unexpected .zip, .exe, .pdf, or .docx files can contain malware.
  7. Grammar and spelling errors: Unusual phrasing and awkward grammar remain common indicators despite improvements.
  8. Too good to be true: Unexpected winnings or inheritances from unknown relatives are almost always fraudulent.

How to check email headers for authenticity

Email headers contain technical information that reveals where an email actually came from — regardless of what the "From" name displays. Two key fields:

  • signed-by: Shows the domain that cryptographically signed the email (DKIM). An email claiming to be from PayPal should show signed-by: paypal.com.
  • mailed-by: Shows the actual sending server. A mismatch between this and the sender domain is a major red flag.

To view headers in Gmail: open the email → click the three dots (⋮) → "Show original." Paste both the body and headers above for the most accurate risk assessment.
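
As an added example (not this checker's own code), the sketch below runs the same comparison over raw headers copied from "Show original", taking the DKIM `header.d` value in `Authentication-Results` as the raw-header counterpart of signed-by and `Return-Path` as that of mailed-by. The brand map, the two-label domain rule and the sample headers are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand -> legitimate sending domain map (illustrative only).
BRANDS = {"paypal": "paypal.com"}

# Constructed sample headers, not taken from a real message.
SAMPLE = (
    "Return-Path: <bounce@paypa1-support.com>\n"
    "Authentication-Results: mx.example.net;\n"
    " dkim=pass header.d=paypa1-support.com header.s=s1;\n"
    " spf=pass smtp.mailfrom=bounce@paypa1-support.com\n"
    'From: "PayPal" <service@paypa1-support.com>\n'
    "Subject: Your account will be closed in 24 hours\n"
    "\n"
    "Dear Customer, ...\n"
)

def org_domain(addr_or_host):
    """Naive organisational domain: the last two labels. Assumption: a real
    checker would consult the Public Suffix List (co.uk and similar)."""
    host = addr_or_host.rpartition("@")[2].lower().strip(".")
    return ".".join(host.split(".")[-2:]) if host else None

def check_headers(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = org_domain(addr)
    # mailed-by: envelope sender domain, read from Return-Path.
    mailed_by = org_domain(parseaddr(msg.get("Return-Path", ""))[1])
    # signed-by: header.d of a passing DKIM result. Only the
    # Authentication-Results header added by your own mail server is
    # trustworthy; a sender can insert a forged one further down.
    ar = " ".join(msg.get("Authentication-Results", "").split())
    m = re.search(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", ar)
    signed_by = org_domain(m.group(1)) if m else None
    findings = []
    for brand, legit in BRANDS.items():
        if brand in display.lower() and from_dom != legit:
            findings.append("display-name-domain-mismatch")
    if signed_by is None:
        findings.append("no-dkim-pass")
    elif signed_by != from_dom:
        findings.append("signed-by-mismatch")
    if mailed_by != from_dom:
        findings.append("mailed-by-mismatch")
    return {"from": from_dom, "signed_by": signed_by,
            "mailed_by": mailed_by, "findings": findings}
```

On the sample, DKIM passes and every domain agrees, yet the message is still flagged: a valid signature only proves which domain sent the mail, so it has to be compared against the domain the brand really uses.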

What to do if you received a suspicious email

  1. Do not click any links or download attachments.
  2. Paste the email content into our checker above for an instant risk analysis.
  3. If it claims to be from a service you use, log in directly via the official app — never through the email link.
  4. Report it: in Gmail, click the three dots → "Report phishing."
  5. Forward it to the impersonated company's abuse team (e.g., phishing@paypal.com).

What to do if you already clicked a phishing link

  1. Change your password immediately on the affected account and any account using the same password.
  2. Enable two-factor authentication (2FA) if you haven't already.
  3. Check for unauthorized activity on your accounts and bank statements.
  4. Run a malware scan if you downloaded any attachment.
  5. Contact your bank immediately if you entered payment information.
  6. Report to authorities: FTC (USA) at reportfraud.ftc.gov, Action Fraud (UK) at actionfraud.police.uk.

Frequently Asked Questions

How do I find email headers in Gmail?

Open the email, click the three dots (⋮) in the top right, then 'Show original'. Copy the header section at the top.

What does 'signed-by' mean in email headers?

It shows which domain cryptographically signed the email (DKIM). If 'signed-by: paypal.com' matches the sender's domain, it's a strong legitimacy signal.

Can scammers fake the 'From' address?

Yes — display names can be faked easily. That's why checking the actual sending domain in the headers matters more than the visible name.

Is it safe to paste my email here?

Yes. We analyze the text in real time and do not store any submitted content. No email content is retained on our servers.

What if the risk score is low but the email feels wrong?

Always trust your instincts. Our tool provides risk signals, not a definitive verdict. If something feels off, verify directly through the company's official website.