How to Tell If an Email Is a Scam or Phishing

Applies to Gmail, Outlook, Apple Mail, and all email services

Phishing emails — fake emails designed to steal your password or financial information — are now incredibly convincing. They can look exactly like emails from Apple, your bank, Amazon, or PayPal. But they always leave clues. Once you know what to look for, you'll spot them immediately every time.

7 Warning Signs an Email Is a Scam

📧

The sender's email address doesn't match the company

An email might say "Apple Support" in the display name, but look at the actual email address — it might be something like support@apple-helpdesk-secure.net. Real Apple emails only come from @apple.com. Always click on the sender name to expand and reveal the actual email address.

🚨

Urgent or threatening language

Scammers create panic to make you act without thinking: "Your account will be suspended in 24 hours," "Immediate action required," "Unusual sign-in activity detected." Legitimate companies rarely threaten immediate consequences via email. When you feel rushed, slow down instead.

🔗

Links that go somewhere unexpected

Hover your mouse over any link in the email (don't click, just hover). The actual URL it goes to will appear at the bottom of your browser window or as a tooltip. If the link text says "verify your account" but the URL shows something like http://secure-paypa1.net/login, it's a scam.

📎

Unexpected attachments

Never open an attachment you weren't expecting — especially files ending in .exe, .zip, .docm, or .xlsm. Even PDFs can contain malicious code. If a company wants you to review a document, they'll typically direct you to log in to your account directly to find it.

✍️

Spelling mistakes or odd phrasing

Professional companies proofread their emails. While modern scam emails are getting better, watch for awkward phrasing, inconsistent capitalisation, or sentences that just feel slightly "off." Trust your gut — if something reads strangely, it probably is.

💳

Requests for payment or personal information

No legitimate company will ask for your password, full credit card number, or Social Security number via email. Banks never ask you to confirm account details by replying to an email. If an email asks for this, it's a scam — full stop.

🎁

You "won" something you didn't enter

Prize notifications, lottery winnings, and inheritance emails are classic scams. If you didn't enter a competition, you didn't win. These emails aim to get you to pay a small "processing fee" or hand over personal details to claim your "prize."

Already clicked a link? Don't enter any information on the page it opened. Close the tab immediately. If you entered a password, change it right away on the real website. If you entered payment information, contact your bank to flag potential fraud.

When You're Not Sure: Verify Directly

If you get an email claiming to be from your bank, Apple, Amazon, or any service you use — and you're not 100% sure it's real — don't click anything in the email. Instead, open a new browser tab and go directly to the company's website by typing the address yourself. Log in and check if there are any real notifications or issues with your account. This one habit will protect you from nearly every phishing attempt.

Report phishing: In Gmail, click the three dots next to the email and select Report phishing. In Outlook, select the email and click Report › Report Phishing. This helps protect others from the same scam.
