How to check if an email is a scam
Scam emails can look polished because logos, signatures, and formatting are easy to copy. The trustworthy signals are the sender domain, link destination, attachment context, and whether the request matches your real account activity.
An email is likely a scam if the sender domain is wrong, the links point somewhere unexpected, the message creates urgency, or it asks for passwords, one-time codes, seed phrases, remote access, gift cards, crypto, wire transfers, or invoice payment outside normal channels.
Step-by-step check
- 1
Expand the sender address
Ignore the display name. Open the full email address and inspect the domain after the @ sign for misspellings, extra words, free-mail domains, and look-alike characters.
- 2
Hover or long-press every link
Check where each link actually goes before clicking. A visible brand URL can hide a completely different destination.
- 3
Check attachments by context
Unexpected invoices, shipping labels, resumes, contracts, and security reports are common malware or phishing lures. Do not open them just because the email looks professional.
- 4
Verify account claims directly
If the email says your bank, exchange, tax account, or subscription has a problem, open the official app or type the known domain yourself. Real alerts appear inside the account.
- 5
Inspect payment or credential requests
No legitimate support team needs your password, seed phrase, one-time code, remote access session, or payment by gift card or crypto.
- 6
Check the URL before entering anything
Paste suspicious links into the GACS website checker before clicking or signing in. Fresh phishing pages often appear before browser warnings catch up.
Red flags
- The sender domain is misspelled, unfamiliar, or uses a free email provider for official business.
- The email threatens closure, legal action, missed delivery, refund deadlines, or unauthorized charges.
- The link destination does not exactly match the real company domain.
- The email includes an unexpected attachment or asks you to enable macros.
- The email asks for codes, passwords, seed phrases, bank login, remote access, gift cards, or crypto.
What to do next
- ✓Do not click links from the email. Open the official site or app separately.
- ✓Forward suspicious workplace emails to your security team if you have one.
- ✓Report scam links and sender details to GACS so others can find the warning.
FAQ
Can a scam email have perfect spelling?
Yes. Modern phishing often uses clean writing, copied templates, and real logos. Domain and link checks matter more than grammar.
Is an invoice email a scam if I recognize the brand?
Not always, but unexpected invoice emails with callback numbers or payment links are high risk. Verify inside the official account before paying or calling.
What if I clicked but did not enter anything?
Close the page, do not download files, and clear the tab. If you entered credentials or approved a wallet action, follow the panic guide immediately.
Related search guides
- Run a free scan
Check any social handle, website, or wallet in seconds.
- Is this DM a scam?
Check suspicious private messages before replying.
- Check a phone number
Spot callback scams, spoofing, and smishing traps.
- Scam Education Hub
Searchable index of every GACS guide, scanner, and article.
- Scanner FAQ
24 answers on how GACS detects scams and protects privacy.