
How to Spot Phishing Emails


Learn the warning signs that an email might be fake — including AI-generated scams.

Phishing emails pretend to be from companies or people you trust to steal your information. They’re getting harder to spot — especially now that scammers use AI to write perfect messages. Here’s how to catch them anyway.


The 5 Things to Check

1. The Sender’s Real Email Address

The name might say “Amazon” or “Your Bank” — but what’s the actual email address?

How to check: Click or tap on the sender’s name to reveal the real address.

Appears As       | Actual Email                     | Safe?
Amazon           | noreply@amazon.com               | ✅ Real
Amazon           | amazon-security@gmail.com        | ❌ Scam
Bank of America  | alert@bankofamerica.com          | ✅ Real
Bank of America  | boa-security@secure-banking.com  | ❌ Scam
Netflix          | info@mailer.netflix.com          | ✅ Real
Netflix          | netflix@account-update.info      | ❌ Scam

The trick: Scammers often use email addresses that look close but aren’t quite right. Watch for:

  • Extra words: amazon-security@gmail.com
  • Wrong domains: @amaz0n.com (zero instead of ‘o’)
  • Suspicious endings: @amazon.billing-center.com
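The same check can be automated for a mail filter or a triage script. The following is an added example, not part of the original article: it compares the brand in the display name with the domain of the real address. The brand list, the function name and the two addresses marked as constructed are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: allowlist built from the "Real" rows of the table above.
BRAND_DOMAINS = {
    "amazon": "amazon.com",
    "bank of america": "bankofamerica.com",
    "netflix": "netflix.com",
}

def check_sender(from_header):
    """Compare the brand named in the display name with the real address."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, trusted in BRAND_DOMAINS.items():
        if brand in name.lower():
            # Accept the exact domain or a true subdomain (mailer.netflix.com).
            # amazon.billing-center.com fails: the brand is only a prefix there,
            # and the domain that counts is billing-center.com.
            ok = domain == trusted or domain.endswith("." + trusted)
            return "match" if ok else "mismatch"
    return "unknown"  # display name does not claim a brand we know

# From: headers taken from the article, plus two constructed ones.
SAMPLES = [
    "Amazon <noreply@amazon.com>",
    "Amazon <amazon-security@gmail.com>",
    "Netflix <info@mailer.netflix.com>",
    "Bank of America <boa-security@secure-banking.com>",
    "Amazon <orders@amaz0n.com>",                  # constructed local part
    "Amazon <billing@amazon.billing-center.com>",  # constructed local part
    "Netflix Support <support@netflix-billing.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):9} {header}")
```

A "match" only means the address is on the brand's domain. The From: header itself can be forged, so the other checks in this article still apply.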

2. Urgency and Threats

Scammers want you to panic and click without thinking.

Red flag phrases:

  • “Your account will be suspended in 24 hours”
  • “Immediate action required”
  • “You will be arrested”
  • “Your payment was declined”
  • “Unusual sign-in activity detected”
  • “Confirm your identity or lose access”

Reality check: Real companies rarely threaten you. If Amazon had a problem with your account, they wouldn’t threaten to close it in 24 hours — they’d just fix it or wait for you to log in.


3. The Link’s Real Destination

Before clicking any link, check where it really leads.

On a computer: Hover your mouse over the link (don’t click). Look at the bottom-left of your browser to see the real destination.

On a phone: Press and hold the link (don’t tap). A preview will appear.

Link Says             | Actually Goes To              | Safe?
amazon.com/order      | amazon.com/order              | ✅ Safe
amazon.com/verify     | amaz0n-secure.com/verify      | ❌ Scam
Click here to verify  | bit.ly/2xK9dL3                | ⚠️ Suspicious
Your order            | tracking.amazon-shipment.xyz  | ❌ Scam

When in doubt: Don’t click. Go to the website directly by typing it yourself.
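Hovering over a link compares what it says with where it goes, and a script can do the same for every link in an HTML email. This is an added example, not part of the original article: the sample body is constructed from the table rows above, and the shortener list and function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a minimal list of link shorteners; extend it for real use.
SHORTENERS = {"bit.ly"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:  # only keep text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def classify(href, expected):
    """Verdict for one link, given the domain the email claims to come from."""
    host = (urlsplit(href).hostname or "").lower()
    if host == expected or host.endswith("." + expected):
        return "safe"
    if host in SHORTENERS:
        return "suspicious"  # the real destination is hidden
    return "scam"            # goes somewhere other than the claimed brand

def audit(html, expected):
    parser = LinkCollector()
    parser.feed(html)
    return [(text, classify(href, expected)) for text, href in parser.links]

# Constructed sample body built from the rows of the table above.
SAMPLE = """
<a href="https://amazon.com/order">amazon.com/order</a>
<a href="https://amaz0n-secure.com/verify">amazon.com/verify</a>
<a href="https://bit.ly/2xK9dL3">Click here to verify</a>
<a href="https://tracking.amazon-shipment.xyz">Your order</a>
"""

if __name__ == "__main__":
    for text, verdict in audit(SAMPLE, "amazon.com"):
        print(f"{verdict:10} {text}")
```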


4. Generic Greetings

Real companies usually know your name.

Greeting                     | What It Suggests
“Dear John Smith”            | More likely real — they know you
“Dear valued customer”       | Could be mass phishing
“Dear user”                  | Could be mass phishing
“Dear john.smith@email.com”  | Red flag — using your email as your name

But: Some legitimate emails do use generic greetings, so don’t rely on this alone.


5. Spelling and Grammar (With a Catch)

Traditional advice says to watch for typos and bad grammar. That still helps, but here’s the catch:

AI has changed the game. Scammers now use AI to write perfect, convincing emails. You can no longer assume a well-written email is safe.

What to look for instead:

  • The email asks you to do something (click, call, send money, verify)
  • Something feels “off” even if you can’t explain why
  • It arrived unexpectedly about a problem you weren’t aware of

Real vs Fake: Can You Tell?

Example 1: Fake Amazon Email

From: Amazon Security <security@amazon-verify.com>

Subject: Your Account Has Been Locked!!!

Dear Valued Customer,

We have detected unusual activity on you’re account. You must verify your information within 24 hours or your account will be permanently suspended.

[Verify Now]

Red flags: Wrong domain (amazon-verify.com), urgency (“24 hours”), threat (“suspended”), grammar error (“you’re”), generic greeting, all-caps subject line.

Example 2: Real Amazon Email

From: Amazon.com <ship-confirm@amazon.com>

Subject: Your Amazon.com order of “USB Cable” has shipped

Hello John,

Your order has shipped! Track your package: [Track Package]

Order #123-4567890-1234567

Signs it’s real: Correct domain, no urgency, uses your name, specific order number you recognize, no threats.

Example 3: Tricky AI-Generated Scam

From: Netflix Support <support@netflix-billing.com>

Subject: Action needed: Update your payment method

Hi John,

We noticed your last payment didn’t go through. To avoid any interruption to your service, please update your payment information.

This usually happens when a card expires or your bank declines a charge for security reasons. It only takes a minute to fix.

[Update Payment Method]

Thanks for being a Netflix member!

The Netflix Team

Why this is tricky: Perfect grammar, friendly tone, reasonable explanation, no obvious threats. But look at the sender: netflix-billing.com is not Netflix’s real domain. The email address is the giveaway.


When You’re Not Sure

  1. Don’t click anything in the email

  2. Go directly to the website — Type amazon.com (or whatever company) in your browser yourself

  3. Log in normally — If there’s a real problem, you’ll see it there

  4. Call the company — Use the phone number from their official website or your account statement, never from the email

  5. Report it — Forward suspicious emails to:

    • Amazon: stop-spoofing@amazon.com
    • PayPal: phishing@paypal.com
    • Apple: reportphishing@apple.com
    • Microsoft: phish@office365.microsoft.com

The Bottom Line

It’s always safe to verify. No legitimate company will punish you for being careful. If the email is real, you’ll find the same information when you log in directly. If it’s fake, you just protected yourself.


Quick Checklist

✓ Check the sender’s actual email address, not just the display name
✓ Be suspicious of urgency, threats, and pressure
✓ Hover over links before clicking
✓ When in doubt, go to the website directly
✓ Remember: Perfect grammar doesn’t mean it’s safe (AI scams exist)

