Is This Email Real? How to Verify Before You Click
Over 90% of cyberattacks start with a phishing email. Learn the exact steps to verify any email's legitimacy before clicking links, downloading attachments, or sharing personal information.
Why Email Verification Matters
Email is the most common way scammers reach victims. In 2025, phishing emails stole over $10.3 billion from Americans, with a single click costing victims an average of $5,700. These emails look increasingly legitimate, copying real companies' designs, logos, and writing styles.
The good news: with the right knowledge, you can spot nearly every phishing email before it causes harm. This guide teaches you to examine emails like a security expert, using simple techniques that take just 30 seconds.
The Stakes Are High
One click on a malicious link can install malware that records your keystrokes, steals your passwords, accesses your bank accounts, and locks your files for ransom. Email verification is not optional—it's essential self-defense.
Step 1: Examine the Sender's Email Address
The sender's email address is your first and most reliable clue. Scammers can fake a display name, but the actual email address is harder to disguise.
How to Check the Real Email Address
On computer: Click on the sender's name. The full email address will appear. In Gmail, you can also hover over the name to see details.
On smartphone: Tap the sender's name or photo at the top of the email. The full email address will display.
Example: Fake Bank Email
Actual Email: security@chase-alert-team.com
Red flags:
- Real Chase emails come from @chase.com, not variations
- Extra words like "alert-team" are suspicious
- Legitimate companies own their exact domain names
Common Sender Address Red Flags
- Misspellings: amaz0n.com (with a zero), paypa1.com (with a one)
- Extra words or hyphens: amazon-security.com, support-apple.com
- Wrong domain extensions: netflix.net instead of netflix.com, irs.com instead of irs.gov
- Free email services: Legitimate companies don't send official notices from @gmail.com, @yahoo.com, or @outlook.com
- Random characters: service@amzn-2024-support.net
Know the Real Domains
Major companies use these exact domains:
- Amazon: @amazon.com
- PayPal: @paypal.com
- Apple: @apple.com
- Microsoft: @microsoft.com
- IRS: @irs.gov (government uses .gov, never .com)
- Social Security: @ssa.gov
If the domain doesn't match exactly, it's not legitimate.
Step 2: Hover Over Links (Don't Click!)
Phishing emails contain malicious links that look legitimate in the email text but actually lead to fake websites. You can reveal the real destination without clicking.
How to Check Links Safely
On computer: Place your mouse cursor over any link in the email. Don't click—just hover. After 1-2 seconds, a small box will appear showing the actual URL the link goes to.
On smartphone: Press and hold on the link. A menu will appear showing the full URL. Tap outside the menu to close it without following the link.
Example: Deceptive Link
What the email shows:
What the link actually goes to (revealed by hovering):
Red flags:
- The real destination doesn't match what's displayed
- Uses "paypa1" (with number 1) instead of "paypal"
- Suspicious domain extension .xyz instead of .com
- Uses "http" instead of secure "https"
Link Red Flags
- URL doesn't match company name: Amazon links should go to amazon.com, not other domains
- IP addresses instead of names: Links like http://192.168.0.1 are highly suspicious
- Suspicious URL shorteners: bit.ly or tinyurl links that hide the real destination
- Extra subdomains: security.verify.amazon-check.com (real Amazon uses just amazon.com)
- Misspellings in the URL: Any variation of the company's real domain name
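The hover check above can be automated for an HTML email body. The following is an added example, not code from this guide: the function names are made up for illustration, the sample body is constructed, and invented hosts use the reserved .example TLD.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com"}   # the two services the guide names
URLISH = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # hostname of a URL or bare domain, minus a leading "www."
    parts = urlsplit(value if "://" in value else "//" + value)
    host = (parts.hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def link_flags(href, text):
    flags, host = [], host_of(href)
    shown = host_of(text) if URLISH.match(text) else ""
    if shown and host != shown and not host.endswith("." + shown):
        flags.append("text-mismatch")   # displayed URL is not the destination
    if re.fullmatch(r"[\d.]+", host) or ":" in host:
        flags.append("ip-address")      # numeric host instead of a name
    if urlsplit(href).scheme == "http":
        flags.append("not-https")
    if host in SHORTENERS:
        flags.append("shortener")
    return flags

def scan(html_body):
    collector = LinkCollector()
    collector.feed(html_body)
    return {href: link_flags(href, text) for href, text in collector.links}

# Constructed email body (not a captured message).
SAMPLE = ('<a href="http://paypa1.example/login">https://www.paypal.com/verify</a>'
          '<a href="http://192.168.0.1/update">Update now</a>'
          '<a href="https://bit.ly/EXAMPLE">Track package</a>'
          '<a href="https://www.amazon.com/orders">amazon.com/orders</a>')
```

Calling scan(SAMPLE) returns one list of flags per link; an empty list means none of the checks in this section fired, not that the link is safe.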
Step 3: Look for Urgency and Threats
Phishing emails manipulate your emotions to bypass logical thinking. They create panic, fear, or false hope to make you act immediately without verification.
Common Urgency Tactics
- "Your account will be closed in 24 hours" — Real companies give you more time and multiple warnings
- "Suspicious activity detected—verify now!" — Banks have proper fraud departments; they don't operate via email links
- "You've won a prize—claim immediately!" — If you didn't enter a contest, you didn't win
- "Action required or lose access" — Legitimate services notify you repeatedly through multiple channels
- "Tax refund waiting—update your information" — The IRS communicates via postal mail, not email
- "Package delivery failed—confirm address" — Delivery companies retry deliveries; they don't need your email confirmation
The Truth: Legitimate companies want to keep you as a customer. They don't threaten account closure via a single email. Real urgency comes with phone calls, letters, and multiple touchpoints—never just one email.
The Fear Factor
Scammers use urgency because it works. When you're panicked about losing your bank account or worried about a package, you skip the verification steps that would reveal the scam. Always pause when an email demands immediate action.
Step 4: Examine Grammar, Design, and Personalization
Professional companies employ writers, designers, and proofreaders. Their emails are polished. Phishing emails often contain subtle (or obvious) flaws.
Signs of a Fake Email
Grammar and spelling errors:
- Typos in prominent places like subject lines or buttons
- Awkward phrasing that sounds like bad translation
- Inconsistent capitalization or punctuation
- Wrong verb tenses or articles (a/an/the)
Poor design quality:
- Blurry or low-resolution logos
- Misaligned text or images
- Inconsistent fonts or colors
- Broken formatting on mobile devices
Generic greetings:
- "Dear Customer" instead of your actual name
- "Dear User" or "Dear Member"
- "Valued Client" without specifics
Note: Real companies you do business with usually have your name and use it. However, sophisticated phishing emails may also have your name if scammers obtained it from data breaches, so this alone doesn't guarantee legitimacy.
Compare to Real Emails
Keep a few legitimate emails from your bank, Amazon, or other important companies. When you receive a suspicious email, compare it side-by-side with a real one. Notice differences in logos, layout, tone, and signature blocks.
Step 5: Be Wary of Attachments
Email attachments can contain malware that infects your computer the moment you open them. This is especially true for certain file types.
Dangerous Attachment Types
- .exe, .bat, .cmd, .scr — Executable programs that can run malicious code
- .zip or .rar — Compressed files that may contain hidden malware
- Office documents with macros — .doc, .xls, .ppt files that prompt you to "enable macros"
- PDF files from unknown senders — Can contain malicious scripts
Never Open Unexpected Attachments
If you receive an email with an attachment you weren't expecting—even from someone you know—don't open it. Contact the person through a different method (call or text them) to verify they sent it. Email accounts get hacked, and scammers send infected attachments to all contacts.
Step 6: Verify Through Official Channels
When an email asks you to take action—update payment information, verify your identity, confirm a purchase—never use the links or contact information in the email itself.
Safe Verification Process
- Don't click any links in the email
- Open a new browser window or tab
- Type the company's website address yourself (or use a bookmark you previously saved)
- Log in to your account directly on the official website
- Check for messages or alerts in your account dashboard
- Or call the company using the phone number on your card, statement, or their official website (not a number from the email)
Example: You receive an email saying "Your Amazon package couldn't be delivered." Instead of clicking the link in the email, open Amazon.com directly in your browser, log in, and check your orders page. If there's really an issue, it will show there.
What To Do If You Clicked a Bad Link
If you realize you clicked a suspicious link or entered information on a fake website, act immediately. Speed matters.
Immediate Actions
- Disconnect from the internet — Turn off WiFi or unplug your ethernet cable to prevent malware from spreading or communicating
- Don't enter any more information — Close the browser tab or window immediately
- Run a security scan — Use your antivirus software to scan for malware. If you don't have antivirus, disconnect and call a tech-savvy family member
- Change passwords — For any accounts that used the same email/password combination, change your passwords from a different, clean device
- Contact your bank — If you entered credit card or banking information, call your bank immediately and explain what happened. They may freeze your account and issue new cards
- Monitor your accounts — Check your bank statements, credit card statements, and credit reports for unauthorized activity
- Report the phishing email — Forward it to the Federal Trade Commission at spam@uce.gov and report it at ReportFraud.ftc.gov
Don't Be Embarrassed
Phishing emails fool millions of people every year, including tech-savvy individuals. These scams are sophisticated and designed by professionals. What matters is how quickly you respond after realizing the mistake. Acting within minutes can prevent significant damage.
Real-World Phishing Email Examples
Example 1: Fake Amazon Order Confirmation
From: Amazon Orders <no-reply@amazon-order-security.com>
Dear Customer,
Thank you for your order. We have charged your credit card $899.99 for Apple AirPods Max. If you did not make this purchase, click here immediately to cancel.
Thank you,
Amazon Customer Service
Red flags:
- Sender domain is amazon-order-security.com, not amazon.com
- Generic "Dear Customer" instead of your name
- High-dollar amount to create panic
- Urgent call to action to make you click without thinking
- Real Amazon emails come from @amazon.com and show your actual name
Example 2: Fake Bank Alert
From: Bank of America Security <alerts@bankofamerica-secure.net>
We detected unusual sign-in activity on your account from an unknown device in Romania. To secure your account, please verify your identity within 24 hours or your account will be temporarily suspended.
VERIFY YOUR IDENTITY NOW
Bank of America Security Team
Red flags:
- Sender uses .net instead of Bank of America's real domain (bankofamerica.com)
- Creates fear with foreign location and account suspension threat
- 24-hour deadline to pressure immediate action
- Real fraud alerts let you call the bank; they don't require email verification
Example 3: Fake IRS Notice
From: Internal Revenue Service <refund@irs-gov.org>
Dear Taxpayer,
You are eligible for a tax refund of $2,847.00. To process your refund, please verify your bank account information by clicking the link below. This offer expires in 48 hours.
Claim Your Refund
IRS Refund Department
Red flags:
- IRS domain is irs.gov, not irs-gov.org
- The IRS never notifies you of refunds via email—only postal mail
- IRS doesn't need you to "claim" refunds via email links
- Generic greeting "Dear Taxpayer"
- False urgency with 48-hour expiration
Advanced Phishing Tactics to Know
Business Email Compromise (BEC)
Scammers research executives and employees on LinkedIn, then send emails pretending to be the CEO or manager requesting urgent wire transfers or confidential information. These are highly targeted and personalized.
Lookalike Domains
Scammers register domains that look nearly identical to real ones: rn (two letters) instead of m, 0 (zero) instead of O, or adding/removing a hyphen. Example: paypa1.com looks like paypal.com at a glance.
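The sender-address checks from Step 1 and the lookalike tricks described here can be combined into one classifier. This is an added example, not code from this guide: the function names are hypothetical, the brand table contains only domains the guide names, and the sample headers are constructed.

```python
import re
from email.utils import parseaddr

# Brand -> real domain, taken from the domains this guide lists.
KNOWN = {"amazon": "amazon.com", "paypal": "paypal.com", "apple": "apple.com",
         "microsoft": "microsoft.com", "irs": "irs.gov", "ssa": "ssa.gov",
         "chase": "chase.com", "netflix": "netflix.com",
         "bankofamerica": "bankofamerica.com"}
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}
# Character swaps the guide warns about: zero for o, one for l, "rn" for m.
SWAPS = (("0", "o"), ("1", "l"), ("rn", "m"))

def normalize(token):
    """Undo the lookalike swaps so 'paypa1' compares equal to 'paypal'."""
    for fake, real in SWAPS:
        token = token.replace(fake, real)
    return token

def check_sender(from_header):
    """Classify a From header as (verdict, real domain of the brand involved)."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return ("unparseable", None)
    # Exact domain, or a subdomain that the real owner controls.
    for real in KNOWN.values():
        if domain == real or domain.endswith("." + real):
            return ("matches", real)
    # Every word of the display name plus every label and hyphen part of the domain.
    words = re.findall(r"[a-z0-9]+", (name + " " + domain).lower())
    tokens = {normalize(w) for w in words}
    for brand, real in KNOWN.items():
        if brand in tokens:
            verdict = "free-mail" if domain in FREE_MAIL else "lookalike"
            return (verdict, real)
    return ("unknown", None)

# Constructed sample headers; the first three use addresses from the guide.
SAMPLES = [
    "security@chase-alert-team.com",
    "Amazon Orders <no-reply@amazon-order-security.com>",
    "service@paypa1.com",
    "PayPal Support <billing.team@gmail.com>",
    "Amazon <auto-confirm@amazon.com>",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:60} -> {check_sender(s)}")
```

An "unknown" verdict only means the address names none of the listed brands; service@amzn-2024-support.net from Step 1 lands there and still needs the other checks.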
Compromised Accounts
These are phishing emails sent from a real person's hacked email account. The sender address is legitimate, but the account is controlled by scammers. Always verify unusual requests even from known contacts.
Gmail Users: Check Authentication
In Gmail, click the three dots next to Reply, then select "Show original." Look for "SPF: PASS" and "DKIM: PASS"—these indicate the email came from servers authorized to send for the sender's domain. If they say "FAIL," the email likely isn't from the claimed sender.
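The same SPF and DKIM results appear in the raw message's Authentication-Results header, which can be read programmatically. This is an added example, not code from this guide: it assumes the mailbox is on Gmail (header stamped by mx.google.com), the function names are hypothetical, and the messages are constructed. It also shows that a lookalike domain with its own records passes both checks, so a pass still has to be paired with the domain check.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.google.com"   # assumption: the mailbox is hosted on Gmail
RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

def auth_results(raw_message):
    """Return ({'spf': .., 'dkim': .., 'dmarc': ..}, From domain) for a raw message."""
    msg = message_from_string(raw_message)
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, body = header.partition(";")
        # Ignore results stamped by any server other than our own receiver:
        # a sender can place its own Authentication-Results header in the mail.
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        for method, verdict in RESULT.findall(body.lower()):
            if results[method] != "pass":
                results[method] = verdict
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return results, from_domain

def assess(raw_message, expected_domain):
    """Combine the authentication results with the domain you expected."""
    results, from_domain = auth_results(raw_message)
    if "fail" in results.values():
        return "fail"
    if results["spf"] != "pass" or results["dkim"] != "pass":
        return "unverified"
    if from_domain != expected_domain:
        return "pass-for-other-domain"   # authenticated, but not the real brand
    return "pass"

def sample(authserv, spf, dkim, sender):
    """Build a constructed message for the demo; not a captured email."""
    return (f"Authentication-Results: {authserv};\n"
            f"       dkim={dkim} header.i=@{sender.split('@')[1]};\n"
            f"       spf={spf} smtp.mailfrom={sender}\n"
            f"From: Amazon Orders <{sender}>\nSubject: Your order\n\nbody\n")

if __name__ == "__main__":
    fake = "no-reply@amazon-order-security.com"   # sender from Example 1
    print(assess(sample("mx.google.com", "pass", "pass", fake), "amazon.com"))
```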
Frequently Asked Questions
Can my email account get hacked just by opening a phishing email?
No. Simply opening an email (without clicking links or downloading attachments) is generally safe. Modern email clients block most email-based attacks. The danger comes from clicking links or opening attachments, which can install malware or take you to fake login pages.
Should I click "unsubscribe" on spam emails?
No. Clicking "unsubscribe" in a phishing email confirms your email address is active, leading to more spam. Only unsubscribe from legitimate companies you recognize and have done business with. For suspicious emails, just delete them or mark them as spam.
What if I already entered my password on a fake website?
Change your password immediately on the real website. If you use the same password on other sites, change those too. Enable two-factor authentication wherever possible. Monitor your account for suspicious activity. Consider using a password manager to create unique passwords for every site.
How do scammers get my email address?
Email addresses are bought and sold in bulk from data breaches, scraped from public websites and social media, stolen from compromised contact lists, or generated by automated programs that try common name combinations. Having your email leaked doesn't mean you did anything wrong.
Can scammers fake any email address?
Scammers can spoof the "From" field to make it appear to come from any address, but email authentication protocols (SPF, DKIM, DMARC) help email providers detect this. That's why hovering over the sender name to see the actual address is crucial—the display name can be faked easily, but the real routing address reveals the truth.
Automatic Email Link Protection
SafeBrowse360 automatically scans links in emails and blocks known phishing sites before you can accidentally click them. Get an extra layer of protection working 24/7.
Final Thoughts
Email verification is a skill that becomes automatic with practice. The 30 seconds you spend checking sender addresses and hovering over links can save you thousands of dollars and countless hours of stress dealing with identity theft and fraud.
Remember these core principles: Legitimate companies don't create artificial urgency, they never ask for passwords via email, and they provide multiple ways to verify their identity. When something feels off, it usually is. Trust your instincts and verify independently.
Bookmark this guide and share it with family members who might be targeted by phishing emails. The more people who know these verification techniques, the harder it becomes for scammers to succeed.