BeforeYouPay AI
Sign in

Free Guide

How to Check if an Email Is a Phishing Email

Phishing emails are designed to look real and make you click fast. Use this guide and BeforeYouPay AI to spot fake senders, malicious links, and fake invoices before they cost you money or your accounts.

Check an Email Now See Plans

Why phishing emails work

Modern phishing emails copy real logos, footers, and writing style. They often spoof the display name of a brand you trust and use urgency or fear to bypass your normal caution. Even careful people get caught when they are busy or distracted.

7 signs an email might be phishing

Sign 1

Sender domain doesn’t match

The display name says “Amazon” but the real address is something like amzn-support@random-domain.com.

Sign 2

Suspicious or mismatched links

Hover over links before clicking. If the URL doesn’t match the real company’s domain, treat it as phishing.

Sign 3

Urgency, threats, or fear

“Your account will be closed in 24 hours” is a classic pressure tactic to make you act before thinking.

Sign 4

Asks for passwords, codes, or payment info

Banks, Apple, Microsoft, Google, and your IT team will never ask you to reply with passwords or 2FA codes.

Sign 5

Unexpected attachments

PDFs, ZIP files, HTML, or .docm files you didn’t request can contain malware or fake login pages.

Sign 6

Generic greeting or odd writing

“Dear Customer,” strange grammar, or odd formatting from a brand you know is a common phishing tell.

Sign 7

Reply-to address looks off

The visible “from” may look real while the reply-to silently routes your response to an attacker’s inbox.

How to check an email before clicking anything

  • Inspect the full sender email address, not just the display name
  • Hover over every link to see the actual destination URL
  • Never reply with passwords, codes, or payment details
  • Verify unusual requests through a separate, trusted channel
  • Don’t open unexpected attachments
  • Paste the email or screenshot into BeforeYouPay AI

Use BeforeYouPay AI as a second opinion

Paste the email body, upload a screenshot, or share the suspicious link. BeforeYouPay AI scans for common phishing patterns — spoofed senders, mismatched URLs, fake invoices, and credential traps — and returns a plain-English risk score.

Scan an Email Free

Common phishing email categories

Bank, PayPal, or crypto exchange alerts
Apple, Google, or Microsoft account warnings
Shipping notices (FedEx, UPS, USPS, DHL)
Invoices and “overdue payment” emails
HR, payroll, or executive “urgent” requests
Job offers or interview invitations

Important reminder

BeforeYouPay AI provides informational risk assessments only. If you believe an account has been compromised, change your password, enable 2FA, and contact your bank or IT team immediately.

Frequently asked questions

How can I tell a phishing email from a real one?

Check the full sender address (not just the display name), hover over links to see the real URL, watch for urgency or threats, and verify any payment or password request through a separate trusted channel.

Is it dangerous to just open a phishing email?

Usually opening the email is low risk. The danger is clicking links, downloading attachments, replying with information, or enabling content in attachments.

What should I do with a suspected phishing email?

Do not click anything. Report it to your email provider or IT team, mark it as phishing, and delete it. If you already clicked, change passwords and contact your bank if money or accounts were involved.

Can BeforeYouPay AI check an email?

Yes. You can paste the email text, upload a screenshot, or share the suspicious link, and BeforeYouPay AI will assess the risk for you.

Not sure about an email?

Run a free scan and get a risk score in under 30 seconds.

Check an Email Now