Types of Scammers: Common Scams to Avoid

Learn about types of scammers and scams to avoid. Discover modern tactics like phishing and fraud, plus tips to stay safe and protect your info.

9/26/2024

Checking whether an email is a scam involves a combination of common sense and careful observation. Scammers often use phishing tactics, social engineering, or malicious links to deceive recipients. Here’s a step-by-step guide on how to determine if an email is a scam:

1. Examine the Sender's Email Address

  • Check the domain: Look closely at the sender’s email address. Scammers often use an email that looks like it’s from a legitimate company but has a slight variation in the domain name (e.g., "amazon-support@amaz0n.com" instead of "support@amazon.com").

  • Mismatch between the sender’s name and email address: If the displayed name (e.g., "PayPal Support") doesn’t match the email address, that’s a red flag.

2. Look for Poor Grammar and Spelling Mistakes

  • Scam emails often contain spelling errors, awkward phrasing, or unusual grammar. Reputable companies usually take care to proofread their emails, while scam emails are often poorly written.

3. Analyze the Content of the Email

  • Urgency or Fear Tactics: Many scam emails try to create a sense of urgency (e.g., “Your account will be suspended unless you take action immediately!”). Legitimate companies rarely pressure customers with threats.

  • Too-Good-to-Be-True Offers: If an email promises something that seems too good to be true (e.g., a free iPhone, a lottery win, or a large sum of money), it’s likely a scam.

  • Request for Sensitive Information: Be very wary if the email asks for personal information like passwords, credit card numbers, or Social Security numbers. Legitimate companies won’t ask for sensitive information via email.

4. Inspect the Links Without Clicking

  • Hover over the links: Without clicking, hover your mouse over any link in the email. Check whether the link matches the supposed destination (e.g., a link that says "PayPal" but actually directs you to "paypalscam.com" is a red flag).

  • Use a URL checker: If you’re unsure about a link, you can copy and paste the URL into a trusted URL-checking service like Google’s Safe Browsing or VirusTotal.

5. Check for Spoofing in the Email Header

  • Review the email headers: In some email clients, you can access the full email headers, which show detailed routing information. Look for discrepancies between the "From" address and the actual source of the email.

    • For Gmail: Click the three dots next to the reply button and select "Show Original."

    • For Outlook: Right-click the message, select "View Message Source."

  • DKIM or SPF Authentication: These are email authentication methods used by legitimate companies. If the email fails authentication (sometimes indicated by a "via" tag next to the sender's name), it could be a sign of spoofing.

6. Search for Any Suspicious Attachments

  • Don’t open attachments from unknown senders: Malicious attachments can contain viruses or malware. Common dangerous file types include .exe, .zip, .scr, or even .doc files.

  • Use an antivirus scanner: If you’re unsure about an attachment, scan it with an antivirus tool before opening.

7. Check for Personalization

  • Generic greetings: Scammers often use impersonal greetings like “Dear customer” or “Dear user,” while legitimate companies usually address you by name.

  • Account-specific details: Look for specific details in the email (e.g., your account number or recent transaction information). Scam emails are often vague because the sender doesn’t have your actual account details.

8. Research the Sender or Email

  • Search online: Copy part of the email’s content (or the sender’s address) and search it online. Many scam emails are reported by other users, and you may find forums or websites flagging it as fraudulent.

  • Check the official website: If the email claims to be from a well-known company (e.g., PayPal, Amazon), go directly to the company’s website (without clicking any links in the email) and check if they have any security warnings or notices about phishing.

9. Trust Your Instincts

  • If it feels off, don’t engage: If something about the email seems suspicious or you’re uncomfortable with its content, it’s better to delete the email or report it as spam.

10. Use Anti-Phishing Tools

  • Many email providers (like Gmail and Outlook) have built-in anti-phishing filters. Keep these protections enabled.

  • You can also install browser plugins or antivirus software that helps identify phishing sites and scam emails.

Red Flags for Scam Emails Recap:

  • Urgent or threatening language.

  • Mismatched sender information (email address or domain).

  • Requests for personal information.

  • Suspicious links or attachments.

  • Generic greetings and vague information.

  • Poor spelling and grammar.

If you suspect an email is a scam, do not click on any links or open any attachments. You can also report phishing attempts to your email provider or the company being impersonated.
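The header review described above (the "Show Original" / "View Message Source" view, plus the SPF and DKIM results) can be automated. The following is an added example, not part of the original article; the sample message, the function names and the official domain `yourbank.com` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of what "Show Original" / "View Message Source" displays.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none
From: "YourBank Security Team" <support@yourbank-alert.com>
Reply-To: claims@example.net
To: customer123@example.com
Subject: Important: Your Account Will Be Locked Soon!

Dear Customer, ...
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def header_flags(raw, official_domain):
    """List header discrepancies for a message claiming to be from official_domain."""
    msg = message_from_string(raw)
    flags = []
    from_dom = domain_of(msg["From"])
    if from_dom != official_domain and not from_dom.endswith("." + official_domain):
        flags.append(f"From domain {from_dom} is not {official_domain}")
    # Bulk senders legitimately use a different Return-Path, so treat this as a prompt to look closer.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            flags.append(f"{name} domain {dom} differs from From domain")
    # Authentication-Results is written by the receiving server; only trust the
    # copy added by your own mail provider, since earlier hops can forge it.
    results = " ".join(" ".join(msg.get_all("Authentication-Results", [])).split())
    for method in ("spf", "dkim"):
        m = re.search(rf"\b{method}=(\w+)", results)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            flags.append(f"{method} result is {verdict}")
    return flags
```

Calling `header_flags(RAW, "yourbank.com")` on the sample reports the wrong From domain, the differing Return-Path and Reply-To domains, and the two non-passing authentication results.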

1. Phishing Email Example (Impersonating a Bank)

Subject: Important: Your Account Will Be Locked Soon!

From: support@yourbank-alert.com
To: Dear Customer,

We have detected suspicious activity on your account and your immediate action is required. If you do not verify your identity within 24 hours, your account will be locked.

Please click on the link below to verify your account:
Click here to verify your account

Thank you for your prompt attention to this matter.

Sincerely,
YourBank Security Team

Red Flags:

  • The sender’s email (support@yourbank-alert.com) doesn’t match the official bank domain (e.g., @yourbank.com).

  • The email creates urgency by threatening to lock your account if you don’t act quickly.

  • The link doesn’t go to the official bank website (hovering over it shows a suspicious URL, e.g., yourbank-fake-verification.com).

  • There is a generic greeting (“Dear Customer”) rather than addressing you by your actual name.

2. Lottery Scam Email Example

Subject: Congratulations! You’ve Won $1,000,000!

From: lottery-notice@luckywinner.com
To: Dear Winner,

We are pleased to inform you that you have won the sum of $1,000,000 in the International Lottery. To claim your prize, please reply to this email with the following information:

  • Full Name

  • Address

  • Phone Number

  • Bank Account Details

We look forward to processing your claim quickly. Please respond within 48 hours to avoid forfeiture of your prize.

Sincerely,
The Lottery Claims Department

Red Flags:

  • The email is unsolicited (you never entered a lottery).

  • The sender’s address is not from a legitimate organization, and the domain (@luckywinner.com) seems suspicious.

  • It asks for sensitive personal and financial information, which no legitimate lottery would request via email.

  • The claim that you’ve won an enormous sum without any prior engagement (e.g., no proof of participation) is a classic lottery scam tactic.

3. Fake Invoice Scam

Subject: Your Invoice Is Overdue – Pay Immediately

From: billing@invoice-alert.com
To: customer123@example.com

Dear customer,

Your invoice #142567 is overdue. Please remit payment of $489.00 immediately to avoid service disruption.

Click here to pay now

Regards,
Billing Department

Red Flags:

  • The sender’s email address (@invoice-alert.com) does not match any company you’ve done business with.

  • The email creates urgency by stating that your payment is overdue and threatens consequences (service disruption).

  • The invoice is fake; you don’t recognize it, and the URL is suspicious.

  • Legitimate companies will rarely ask you to pay invoices without additional details like account numbers or service descriptions.

4. Tech Support Scam

Subject: Your Computer Has Been Infected – Urgent Action Required

From: support@techhelp-secure.com
To: user@example.com

We have detected that your computer is at risk and requires immediate attention. Click on the link below to download our security tool to remove the threat.

Download Security Tool Now

If you do not act within 24 hours, your data may be compromised.

Sincerely,
Tech Help Support Team

Red Flags:

  • The sender is not from a legitimate tech company, and the email address is not associated with any recognized brand.

  • There’s an attempt to scare you by claiming that your computer is at risk and offering an urgent solution.

  • The link could lead to malware or spyware, and the URL looks suspicious (malware-scam.com).

5. Fake Charity Donation Scam

Subject: Urgent Help Needed for Disaster Relief!

From: donate@charity-aid.org
To: user@example.com

Dear kind supporter,

In light of the recent earthquake, thousands of families need immediate aid. We are accepting donations to provide food, water, and shelter to those affected.

Please donate through the link below:
Donate Here

Every dollar counts! Thank you for your support.

Sincerely,
Disaster Relief Team

Red Flags:

  • The charity may sound familiar, but the sender’s email domain (@charity-aid.org) does not match any legitimate charity’s domain.

  • There’s an attempt to play on emotions to prompt you to donate quickly without checking the organization.

  • The donation link does not go to a verified, secure website (e.g., it should be https://legitimate-charity.org).

6. CEO Fraud (Business Email Compromise)

Subject: URGENT: Wire Transfer Needed Today

From: ceo@company-fake.com
To: accountant@example.com

Hi [Accountant’s Name],

I need you to process a wire transfer of $20,000 to the following account ASAP. We need this done urgently for a new business acquisition.

Let me know when it's done.

Best,
[Your CEO’s Name]

Account Information:

  • Account Number: 12345678

  • Bank Name: FakeBank

Please confirm the transfer today.

Red Flags:

  • The email claims to be from your CEO or higher management, but the sender’s address doesn’t match the company’s domain (it could be something similar like @company-fake.com instead of @company.com).

  • It uses urgency and pressure to push for an immediate wire transfer without following normal company procedures.

  • There’s a request for sensitive financial information, which should not be done over email.

These are examples of how scammers try to deceive users by creating urgency, offering enticing rewards, or impersonating trusted entities. Always be skeptical of unsolicited requests for personal information, and don’t click on suspicious links. If in doubt, verify directly with the company or person in question before taking any action.

urlscan.io is a security tool that allows users to analyze and investigate websites for potential threats. By scanning URLs, it provides detailed insights into a site’s content, DNS records, embedded resources, and other elements that may indicate malicious activity. This tool helps users spot phishing sites, fake domains, and other scams, making it an invaluable resource for identifying unsafe websites before interacting with them.

Learn more at urlscan.io.