How to Check a Suspicious Email Before Paying or Clicking

Phishing emails are designed to look exactly like messages from banks, government agencies, delivery companies, and businesses you trust. They create urgency to get you to act before you think. A few seconds of verification before you click or pay can make a significant difference.

Risk Signals to Look For

  • !The sender's email address has a subtle difference from the real company — an extra word, a different suffix, or a hyphen that shouldn't be there.
  • !The email asks you to click a link to "confirm your payment," "update your billing details," or "avoid account suspension."
  • !The greeting is generic — "Dear Customer," "Dear Account Holder," or simply "Hello" — rather than your name.
  • !The email creates urgency: "Act within 24 hours," "Your account will be closed," or "Your order has been held pending verification."
  • !The link in the email, when you hover over it without clicking, leads to a web address that is different from the company's official website.

Steps to Verify Before Responding

  1. 1
    Do not click any links in the email: Open your browser and type the company's official website address directly into the address bar instead. This ensures you are visiting the real site, not a lookalike.
  2. 2
    Check the full sender email address: Do not rely on the display name. Click on the sender's name to reveal the actual email address. Scammers often set a familiar display name while using a completely different sending domain.
  3. 3
    Log in through the official website: If the email claims there is a problem with your account, log in through the real website. If there is a genuine issue, you will see it in your account — not only in an unsolicited email.
  4. 4
    Call using a number you find independently: Contact the company using the phone number on their official website or on the back of your card. Do not use any phone number provided in the email.
  5. 5
    Do not open attachments until verified: If the email includes a PDF or other attachment, do not open it until you have confirmed through a separate channel that the email is genuine.

Helpful Public Resources

Frequently Asked Questions

How can I tell if an email is really from my bank or a company I use?

Your bank and most legitimate companies will not ask you to confirm sensitive details, reset passwords, or make payments by clicking a link in an email. If you receive such an email, do not click any links. Instead, call the number on the back of your card or log in to your account directly by typing the address in your browser. If the email is genuine, any alert or request will also be visible in your account.

What should I do if I already clicked a link in a suspicious email?

If you clicked a link and entered personal or financial information, contact your bank immediately. Change the password for the account if you entered login details. Report the phishing email to the company being impersonated — most have a dedicated email for this — and to the FTC at reportfraud.ftc.gov.

What is a lookalike domain and how do I spot one?

A lookalike domain is a web address that closely resembles a legitimate one but contains a small difference — for example, "paypa1.com" instead of "paypal.com," or "amazon-support.com" instead of "amazon.com." Hover over any link in an email without clicking it and compare the full domain carefully before clicking any link.

Can VerifyBefore help me check a suspicious email?

Yes. You can take a screenshot of the suspicious email and upload it to VerifyBefore. The review will check for risk signals in the language and content — such as urgency patterns, unverifiable sender claims, and payment-request red flags — and give you a plain-English summary before you respond.

Helpful Scam Prevention Guides

Received a Suspicious Email You're Not Sure About?

Take a screenshot and upload it to VerifyBefore. We'll check for risk signals and verification gaps — free, before you respond.

Check a Document Free

Disclaimer: VerifyBefore identifies risk signals and verification gaps in documents and messages. It does not prove fraud, verify document authenticity, or confirm whether a company is legitimate. It is not legal, financial, or professional advice. Always contact official sources and speak with someone you trust before taking action.