ClearGuide Tech
phishingemail safetyscam prevention

How to Tell If an Email Is Fake: A Simple Checklist

ClearGuide Tech
Person reviewing email on a laptop, looking carefully at the screen

The FBI received 193,407 phishing complaints in 2024 alone, and phishing losses jumped from $18.7 million to $70 million in a single year (FBI IC3, 2024). Fake emails are the most common way scammers try to steal your personal information or your money.

The good news: once you know what to look for, fake emails are usually easy to catch. Most of them share the same handful of warning signs. This checklist walks you through each one.

Key Takeaways

  • 96% of all phishing attacks are delivered by email, making your inbox the most common entry point for scams (StationX, 2026).
  • The sender's email address is the single most reliable thing to check first.
  • Fake urgency ("Act now or your account will be closed") is the most common pressure tactic scammers use.
  • When in doubt, go directly to the company's website instead of clicking anything in the email.

Start Here: The Quick 10-Point Checklist

Run through these checks whenever an email makes you pause. You don't need to know anything about technology to use them.

  1. Does the sender's email address match the company it claims to be from?
  2. Were you expecting this email?
  3. Does it pressure you to act immediately?
  4. Does it ask for your password, Social Security number, or bank details?
  5. Do the links look suspicious when you hover over them?
  6. Are there spelling mistakes or awkward phrasing?
  7. Does the greeting use your real name, or something vague like "Dear Customer"?
  8. Do attachments seem unexpected or out of place?
  9. Does something about it just feel off?
  10. Did you verify directly with the company before clicking anything?

If you answered "yes" to any of questions 2 through 9, treat the email with caution. The sections below explain each sign in detail.

How Do You Check the Sender's Email Address?

The sender's email address is the most important thing to check, and it's the most commonly faked. Around 96% of phishing attacks arrive by email, and most use addresses designed to look legitimate at first glance (StationX, 2026). A small difference in the address is often the only giveaway.

Look at the actual email address, not just the name displayed. The displayed name (what shows up before the address) can say anything. "Chase Bank" can be set by anyone. What matters is the part after the "@" symbol.

What to look for:

  • A real email from Chase would come from a @chase.com address
  • A fake might use @chase-secure.com, @chase.support.net, or @gmail.com
  • Even one extra word, number, or hyphen in the domain is a red flag

How to see the full address:

  • On a phone: tap the sender's name to expand it
  • On a computer: hover over the name or click it to reveal the full address
  • If you're still not sure, search the company's official website and look up their contact email address to compare

Something worth knowing: Scammers don't need to use a fake domain at all. A practice called "spoofing" lets them display any name or address they choose. If an email looks legitimate but still feels wrong, that feeling is worth trusting.

Why Does Urgency Feel So Suspicious?

Fake urgency is the most reliable sign of a scam email. Scammers create pressure to prevent you from stopping to think. In 2024, impersonation scams using urgent language cost older adults $375 million (FTC, 2024).

Real companies almost never send emails that require immediate action with serious consequences. Your bank will not close your account in 24 hours without warning you by mail, phone, and multiple previous emails. The IRS will not ask you to pay a fine today or face arrest.

Common urgent phrases in fake emails:

  • "Your account has been compromised. Act now."
  • "You have 24 hours to respond or your account will be suspended."
  • "Immediate action required."
  • "Claim your refund before it expires."

What real companies do instead:

  • Send multiple notices over time before taking action
  • Direct you to their website to resolve issues, rather than asking you to reply directly
  • Never demand gift card payment, wire transfers, or cryptocurrency

If an email tells you to act immediately and doesn't give you time to verify, that's the scam working as intended. Slow down.

Top Warning Signs in Phishing EmailsPercentage of phishing emails that include each tactic. Source: FBI IC3 / FTC, 2024.Urgent language78%Suspicious link68%Spoofed address58%Generic greeting45%Requests credentials35%Source: FBI IC3 2024 Annual Report and FTC Consumer Sentinel 2024.
Common tactics found in phishing emails. If an email shows more than one of these signs, treat it with serious caution.

What Should a Suspicious Link Look Like?

About 68 percent of phishing emails contain a link designed to take you somewhere other than where it claims (FBI IC3, 2024). The link text might say "click here to verify your account at Amazon" but lead somewhere completely different.

How to check a link without clicking it:

On a computer: hover your mouse over the link (don't click). Look at the bottom of your browser window. It will show you the actual web address the link leads to. If it doesn't match the company in the email, don't click.

On a phone: press and hold the link (don't tap). A small window should appear showing you the actual address before you go there.

What to look for:

  • Does the address start with the real company's name? (amazon.com, not amazon-update.net)
  • Is there a long string of random letters or numbers before the company name?
  • Does it use a link-shortening service (like bit.ly) when you'd expect a real company link?

If you can't tell from hovering, the safest move is to open a new browser tab, type the company's address yourself, and log in there to check your account.

Does Spelling and Tone Tell You Anything?

Spelling errors and awkward phrasing used to be a reliable sign of a fake email. That's changing. In 2024, researchers found that 82.6 percent of detected phishing emails showed signs of AI generation (Egress, 2025), which means many fake emails are now grammatically clean.

That said, certain tone patterns still show up frequently in scam emails.

Language patterns to watch for:

  • Vague greetings: "Dear Customer," "Dear Account Holder," "Dear User" (a real company knows your name)
  • Overly formal or stiff phrasing that doesn't sound like any company's real email style
  • Threats or warnings that feel disproportionate to the situation
  • Compliments or flattery before making a request ("As a valued and trusted customer...")

What good company emails usually do:

  • Use your first name or full name
  • Match the tone you've seen from that company before
  • Explain a clear reason for contacting you without pressure

What ClearGuide hears often: Many people who were almost fooled by a phishing email describe a vague sense that "something was off" before they could name exactly what it was. That instinct is worth following. If an email doesn't feel quite right, stop before clicking anything.

Are Attachments Ever Safe to Open?

Unexpected attachments are one of the most dangerous parts of a phishing email. The FBI's 2024 IC3 report identified malicious attachments as a primary delivery method for fraud that cost Americans $16.6 billion (FBI IC3, 2024).

Opening an attachment from a fake email can install software that lets someone else control your computer, view your files, or record your passwords as you type them.

When attachments are suspicious:

  • You weren't expecting any document, invoice, or file from this sender
  • The email asks you to open the file to "view your statement," "confirm your order," or "see your refund"
  • The file type is unusual: .exe, .zip, .docm, or files that ask you to "enable macros" when opened

When attachments are more likely safe:

  • You requested something (a receipt, a confirmation, a form you asked to be sent)
  • The sender is someone you know and the attachment makes sense in context
  • You verified by calling or texting the sender directly before opening

If you receive an unexpected attachment and you're not certain it's safe, don't open it. Contact the sender through a phone number or email address you already have (not one from the suspicious email).

Get Help Now

How Do You Verify Without Clicking Anything?

The safest way to respond to any suspicious email is to verify it without using anything in the email itself. This approach removes any risk from fake links, spoofed addresses, or malicious attachments entirely.

Three safe ways to verify:

1. Go directly to the website. Open a new browser tab. Type the company's address yourself (for example, type amazon.com, not click the link in the email). Log in normally. If there's a real problem with your account, it will show up there.

2. Call the company directly. Find the phone number on the back of your card, on a recent paper statement, or on the company's official website. Do not use any phone number listed in the suspicious email.

3. Ask someone you trust. If you're not sure whether an email is real, show it to a family member, a friend, or a trusted advisor before doing anything. Getting a second opinion is always reasonable.

Our finding: When people check an email by going directly to the company's website rather than clicking the link, they avoid the risk entirely, even if the email turns out to be real. It's a habit that protects you regardless.

Frequently Asked Questions

What if the email looks exactly like a real one from my bank?

Real-looking emails are common. Scammers copy logos, fonts, and layouts from real company emails. The best check is still the sender's email address and where the links actually lead. When in doubt, log into your bank account directly by typing your bank's address into a new tab rather than using anything in the email.

Can I get in trouble just by opening a fake email?

Opening most phishing emails is generally safe on its own. The risk comes from clicking links, opening attachments, or responding with personal information. If you opened a suspicious email but didn't click anything, you most likely did not expose yourself to harm.

What should I do if I already clicked a link in a suspicious email?

Close the page immediately without entering any information. Change your password for any accounts that email was related to. If you entered your password or financial information on the page, contact your bank right away and report the incident to the FTC at reportfraud.ftc.gov. For a full guide on what to do after a scam, see what to do if you've been targeted.

How do I report a phishing email?

You can forward suspicious emails to spam@uce.gov (the FTC) or to the company being impersonated (most major companies have a phishing report address). Most email programs also have a "Report phishing" or "Mark as spam" button. Reporting helps protect others from the same scam.

Why do I keep getting these emails even after marking them as spam?

Scammers send phishing emails from constantly changing addresses, so spam filters don't always catch them. Marking emails as spam helps your email program learn over time, but it won't stop all future attempts. The best protection is knowing the warning signs rather than relying on filters alone.

The Bottom Line

Fake emails rely on you acting quickly without thinking. The moment you slow down and check a few simple things, most of them fall apart.

The single most important habit is this: before clicking anything in an email, ask yourself whether you were expecting it and whether you can verify it by going directly to the company's website.

Quick recap of the checklist:

  • Check the sender's actual email address
  • Look for pressure to act immediately
  • Hover over links before clicking them
  • Don't open unexpected attachments
  • Verify by going to the website directly, not through the email

If you've received an email that worried you, or if you're not sure whether something on your computer is safe, ClearGuide can connect you with a trusted tech advisor who can walk you through it in clear everyday language.

Learn about other common online scams targeting older adults

← Back to all articles