You receive an email from your bank. It says there's suspicious activity on your account and you need to verify your information immediately. There's a convenient link to click. Your heart pounds—what if someone is stealing your money?
Before you click, stop.
That email might be a trap. Phishing scams (pronounced "fishing") cost Americans millions of dollars every year. Scammers have become incredibly good at making fake emails and websites look real.
But here's the good news: Once you know the tricks they use, you can spot these fakes almost every time.
What Is Phishing?
Imagine a fisherman casting a wide net, hoping to catch any fish that swims by. That's exactly how phishing works.
Scammers send thousands of fake emails, hoping a few people will take the bait. They pretend to be banks, government agencies, online stores, or even friends. Their goal is to trick you into:
- Clicking dangerous links
- Downloading viruses
- Giving away passwords
- Providing credit card or Social Security numbers
Think of it this way: A phishing email is like a wolf in sheep's clothing. It looks harmless on the outside, but it's dangerous underneath.
How to Spot a Phishing Email
Check the Sender's Address Carefully
This is the number one clue. Scammers can make the display name say "Bank of America" or "Amazon," but the actual email address tells the truth.
Real: service@amazon.com
Fake: service@amazon-security-alert.com
Real: alerts@wellsfargo.com
Fake: alerts@wells-fargo-alerts.net
What to do: Look closely at what comes after the @ symbol. If it doesn't match the company's official website exactly, it's fake.
Look for Generic Greetings
Real companies usually address you by name. Phishing emails often use vague greetings because they send the same email to thousands of people.
Red flags:
- "Dear Customer"
- "Dear User"
- "Dear Account Holder"
- "Hello Dear"
Good sign: "Dear Mrs. Johnson" or another greeting that uses your actual name
Watch for Urgency and Threats
Scammers want you to panic and act without thinking. They create false emergencies.
Common scare tactics:
- "Your account will be closed in 24 hours!"
- "Immediate action required!"
- "Unauthorized access detected!"
- "You owe money—pay now or face legal action!"
- "Your Social Security number has been suspended!"
Remember: Legitimate companies don't threaten you or demand immediate action. They send letters and give you time to respond.
Check for Spelling and Grammar Errors
Big companies have professional writers and editors. Their emails are carefully proofread.
Phishing emails often come from overseas scammers. Their messages contain spelling mistakes, awkward phrasing, and grammar errors.
Examples:
- "We detected unusuall activity on you're account"
- "Please verifiy your informations"
- "Click hear to update your account"
Hover Over Links (Don't Click!)
This is one of the most important skills to learn.
Before clicking any link, hover your mouse over it (don't click!). Look at the bottom of your browser window. You'll see the actual web address the link goes to.
Example: The link might say "Verify Your Account" but hovering shows it goes to:
- scammer-site.ru/steal-your-info
- bankofamerica-security-update.com (fake)
- amazon-login-verification.net (fake)
On a phone or tablet: Press and hold the link. A preview will show the real address.
Golden rule: Never click links in emails claiming to be from your bank. Instead, type the bank's address directly into your browser.
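For readers who help others check suspicious mail, here is the hover check done by a program. This is an added example, not part of the original article: it lists each link's visible text next to the host it really points to. The sample email is constructed, and the expected domain (bankofamerica.com) is an assumption supplied by the person running the check.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body, modelled on the article's example.
SAMPLE_EMAIL = """
<p>Dear Customer, unauthorized access detected!</p>
<a href="http://bankofamerica-security-update.com/verify">Verify Your Account</a>
<a href="https://www.bankofamerica.com/help">Help</a>
"""


class LinkReveal(HTMLParser):
    """Collect (visible text, real host) for every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = (urlsplit(self._href).hostname or "").lower()
            self.links.append(("".join(self._text).strip(), host))
            self._href = None


def reveal_links(html, expected_domain):
    """Return (text, host, matches) where matches means the host is the
    expected domain itself or a subdomain of it."""
    parser = LinkReveal()
    parser.feed(html)
    parser.close()
    return [(text, host,
             host == expected_domain or host.endswith("." + expected_domain))
            for text, host in parser.links]


if __name__ == "__main__":
    for text, host, ok in reveal_links(SAMPLE_EMAIL, "bankofamerica.com"):
        print(f"{text!r:25} -> {host:40} {'ok' if ok else 'DOES NOT MATCH'}")
```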
Be Suspicious of Attachments
Real companies rarely send attachments you didn't ask for. Attachments can contain viruses that infect your computer.
Red flags:
- Unexpected invoices or receipts
- "Urgent documents" you weren't expecting
- Files ending in .exe, .zip, or .scr
- Files with two extensions (document.pdf.exe)
How to Spot a Fake Website
Sometimes you land on a website and something feels off. Maybe the prices are unbelievably low. Maybe the site looks slightly wrong. Trust that feeling.
Look for the Padlock and HTTPS
Before entering any personal information, look at the web address bar at the top of your browser.
Good signs:
- A padlock icon appears (🔒)
- The address starts with "https://" (the "s" stands for secure)
Warning signs:
- "http://" without the "s"
- A warning triangle or red line through the padlock
- "Not Secure" warning
Important: The padlock doesn't mean the site is legitimate—only that the connection is secure. Scammers can have secure websites too.
Check the Domain Name Carefully
Scammers create website addresses that look almost right.
Real: amazon.com
Fake: amazon-deals.com, amaz0n.com, amazon-security.com
Real: paypal.com
Fake: paypal-secure.com, paypa1.com, paypal-verify.net
Trick to remember: Read the domain name from right to left (the important part is at the end). The main name should match exactly.
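The sender-address check and the right-to-left domain check described in this article can be written as one small program. This is an added example, not part of the original article: the allow-list is an assumption built from the article's "Real" examples, and the lookalike rule only covers the tricks shown here (added words, hyphens, and the digits 0 and 1 standing in for letters).

```python
# Assumed allow-list, taken from the article's "Real" examples.
OFFICIAL = ("amazon.com", "paypal.com", "wellsfargo.com")

# Digit-for-letter swaps like the article's amaz0n and paypa1.
SWAPS = str.maketrans("01", "ol")


def registrable(host):
    """Read right to left and keep the last two labels.

    Assumption: plain endings such as .com or .net. Multi-part endings
    (for example .co.uk) need the Public Suffix List instead.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(address_or_host):
    """Return 'official', 'lookalike of <domain>' or 'unknown'."""
    # For an email address, only the part after the last @ matters.
    host = address_or_host.rsplit("@", 1)[-1].strip().lower()
    if registrable(host) in OFFICIAL:
        return "official"
    # Strip the decoration scammers add: swapped digits, hyphens, extra dots.
    squashed = host.translate(SWAPS).replace("-", "").replace(".", "")
    for domain in OFFICIAL:
        brand = domain.split(".")[0]
        if brand in squashed:
            return "lookalike of " + domain
    return "unknown"


if __name__ == "__main__":
    # Examples from the article plus two constructed ones (the last two).
    samples = [
        "service@amazon.com",
        "service@amazon-security-alert.com",
        "alerts@wells-fargo-alerts.net",
        "amaz0n.com",
        "paypa1.com",
        "amazon.com.account-check.example",
        "news@example.org",
    ]
    for sample in samples:
        print(f"{sample:40} {classify(sample)}")
```

The constructed host amazon.com.account-check.example shows why the right-to-left rule matters: the real domain is the part at the end, not the familiar name at the front.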
Look for Contact Information
Legitimate businesses provide ways to contact them:
- Physical address
- Phone number
- Email address
Fake sites often have:
- No contact information at all
- Only a contact form (no real address)
- Addresses that don't exist when you look them up
Test it: Try calling the phone number. Does anyone answer? Is it a real business?
Read the "About Us" Page
Fake websites often have:
- Vague, generic descriptions
- Poorly written content
- No real information about the company
- Stock photos instead of real staff photos
Check the Prices
If prices seem too good to be true, they probably are.
Red flags:
- iPhones for $100
- Designer handbags at 90% off
- Prescription medications without a prescription
- Luxury items at bargain prices
These sites take your money and either send nothing or send cheap knockoffs.
Look for Reviews Outside the Website
Don't trust reviews posted on the website itself—scammers write those themselves.
Instead:
- Search Google for "[website name] reviews"
- Check the Better Business Bureau
- Look for reviews on independent sites
If you can't find any reviews, or if all reviews are recent and overly positive, be suspicious.
Common Scam Website Types
Copycat Shopping Sites
These look exactly like Amazon, Walmart, or other major retailers. They steal your credit card information when you "check out."
How to spot: Check the web address carefully. If it's not the exact official address, it's fake.
Tech Support Scam Sites
You see a pop-up saying your computer is infected, with instructions to call a number or download software.
Rule: Real security software doesn't show phone numbers or demand immediate action. Close the pop-up and run your actual antivirus software.
Fake Charity Sites
After disasters, scammers create fake charity websites to steal donations.
Protection: Donate only through established charities. Type their official web address yourself.
Red Flags: Quick Reference
🚩 EMAIL RED FLAGS:
- Sender address doesn't match the company
- Generic greeting ("Dear Customer")
- Urgency or threats
- Spelling and grammar mistakes
- Requests for passwords or personal information
- Suspicious links or attachments
- Offers that seem too good to be true
🚩 WEBSITE RED FLAGS:
- No "https://" or padlock icon
- Domain name is slightly wrong
- No contact information or physical address
- Prices way below normal
- Poor design or many typos
- No reviews or only suspicious ones
- Pressure to act immediately
What To Do If You Clicked Something Suspicious
If you clicked a suspicious link:
- Don't enter any information
- Close the browser tab immediately
- Run antivirus software
- Change your passwords (especially for banking)
If you entered information on a fake site:
- Contact your bank immediately if you entered financial information
- Change your passwords right away
- Monitor your accounts closely
- Consider placing a fraud alert on your credit report
If you downloaded an attachment:
- Don't open it
- Delete it immediately
- Run a full antivirus scan
- Consider having a tech-savvy person check your computer
Key Takeaways
✅ Always check the sender's email address. The display name can be faked; the actual address reveals the truth.
✅ Hover over links before clicking. See where they really lead before you go there.
✅ Legitimate companies don't threaten you or demand immediate action. Any email creating urgency should raise suspicion.
✅ Check for https:// and the padlock icon before entering any personal information on a website.
✅ If a deal seems too good to be true, it is. Extremely low prices are a major red flag.
✅ When in doubt, go directly to the website. Type the address yourself instead of clicking email links.
Trust Your Instincts
Your life experience has given you good judgment. If something feels wrong, it probably is. It's always better to be cautious than to become a victim.
Remember: No legitimate company will ever ask for your password via email. No bank will ask you to "verify" your account by clicking a link. No government agency will demand payment through gift cards.
When you spot these tricks, you take away the scammer's power. You become someone they can't fool. And that's a very good thing.
Stay sharp, stay safe.