Most Common Email Scams & How to Avoid Them

Email scams trick you into clicking links, opening attachments, or paying fake invoices. Here are today’s most common email cons and fast ways to spot and avoid them.

Austin Hulak
Founder

Quick Facts

About this scam type

Criminals impersonate trusted brands, government agencies, employers, or contacts and send emails trying to get you to click a link, open an attachment, scan a QR code, call a number, or pay a fake invoice. Their goal is to steal logins, install malware, or divert money by making emails look real and urgent.

How scammers contact victims

Most phishing starts in your inbox. Messages often copy a brand’s logo and language, spoof sender addresses, and route you to fake login pages or call-back numbers, making it hard to spot a fake at a glance.

Who is most at risk

Older adults may be less familiar with new threats. Small offices handle invoices and wire transfers that scammers try to intercept. Busy families and students juggle many accounts, making it easy to fall for urgent or unexpected messages.

Understanding the risk level

Losses from email scams can include stolen accounts, drained bank or crypto balances, and identity theft. Malware from emails may also lead to ransomware attacks on home or work devices, with serious financial and privacy impacts.

Most Common Email Phishing Scams

How it works: Messages claim unusual sign-in activity on Microsoft, Google, Apple, or bank accounts and ask you to “review activity,” “recover your account,” or enter a code. The links lead to lookalike login pages that steal your password. If the page also asks for a one-time code, the scammer relays it to the real site within seconds to finish a genuine sign-in, so a two-factor code typed into a lookalike page gives you no protection.

Sample Subject

Microsoft account unusual sign-in activity

Variation

Your account may have been accessed by someone else

Red Flag Signs:

  • Sender is not the brand’s exact domain, or the display name hides a different address.
  • Link preview shows a non-brand domain.
  • Generic greeting like “Dear user.”
  • Urgent timer or threats of deactivation.

How it works: Criminals send invoices or DocuSign-style envelopes that look real. Many instruct you to call a number instead of paying online; the “agent” who answers then collects your payment details or talks you into installing remote-access software that hands them control of your device. Others link to fake portals that collect credentials.

Order completed successfully
Completed: Transaction Details 423
Purchase has been completed @ Sep 04, 2025
Remittance Advice

Red Flag Signs:

  • Invoice asks you to call a number to cancel or get a refund.
  • Sender domain is not the platform’s official domain.
  • Attachments you did not expect.
  • Payment request by wire or crypto.

How it works: Emails claim a tax refund is waiting or a package could not be delivered. Links go to sites that collect personal and financial information, or install malware. The IRS does not initiate contact by email about bills or refunds. USPS says unsolicited delivery-problem messages are scams.

Your package is on hold. Pay customs fee to release.
Refund pending. Verify tax information now.

Red Flag Signs:

  • Asks for Social Security or bank numbers via email.
  • Requests payment by gift card, wire, or crypto.
  • Directs you to click a shortened link.

How it works: Emails impersonate HR, payroll, or government purchasing offices and embed QR codes that lead to fake login pages or payment sites. Attackers are actively using DocuSign-themed envelopes and QR codes in 2024 and 2025.

EFT/ACH Remittance Information
Remittance Advice
Complete with DocuSign: City of San Francisco.pdf

Red Flag Signs:

  • QR code in the email or attached PDF.
  • Requests for payroll login or banking after scanning.
  • Mismatched or foreign domains after scanning.

How it works: Criminals hijack or spoof business email to change payment instructions, send fake vendor invoices, or ask staff to buy gift cards. Losses can be very large if wires are sent to scam accounts.

Urgent: update remittance details for today’s payment
Are you available? Need you to handle a quick task.

Red Flag Signs:

  • New wiring instructions or bank change sent by email only.
  • Requests to bypass usual approvals.
  • Slightly altered domain or display name.
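The “slightly altered domain” red flag is the hardest one to catch by eye, because acrne-supplies.com and acme-supplies.com look identical in many fonts. The script below is an added example, not code from the original page or from any vendor, showing how a small accounts-payable checker can compare the domain in a From header against the list of vendors the office actually pays. The vendor list and the sample From headers are constructed for this example, and the registrable-domain logic is a stated simplification (a production check would use the Public Suffix List and a fuller confusable table).

```python
import difflib
import re

# Constructed vendor list for this example: the domains the office actually pays.
# In practice this comes from the accounts-payable vendor master, never from the email.
KNOWN_VENDOR_DOMAINS = ["acme-supplies.com", "northwindtraders.com", "contoso.com"]

# Character pairs that look alike in common fonts; 'rn' for 'm' and 'vv' for 'w'
# are classic domain and display-name tricks. A real deployment uses a fuller table.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def fold_confusables(domain: str) -> str:
    """Lower-case and fold look-alike characters so 'acrne-supp1ies.com'
    compares equal to 'acme-supplies.com'."""
    d = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def registrable_domain(host: str) -> str:
    """Last two labels of a host, e.g. 'invoices.acme-supplies.com' -> 'acme-supplies.com'.
    Simplification (assumption): a production check uses the Public Suffix List so that
    hosts under 'co.uk' and similar suffixes are handled correctly."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def sender_domain(address: str) -> str:
    """Domain part of 'Name <user@host>' or 'user@host', lower-cased."""
    m = re.search(r"@([A-Za-z0-9.-]+)", address)
    return m.group(1).lower().rstrip(".") if m else ""


def classify_domain(domain: str, known=KNOWN_VENDOR_DOMAINS, threshold: float = 0.85) -> dict:
    """Compare one sender domain with the known vendor list.

    verdict 'exact'     : registrable domain is a known vendor (covers real subdomains)
    verdict 'lookalike' : not exact, but at least `threshold` similar after folding,
                          or a vendor name buried in a subdomain of some other domain
                          (the 'contoso.com.invoice-portal.net' pattern)
    verdict 'unknown'   : nothing in the list resembles it
    """
    dom = domain.lower().rstrip(".")
    reg = registrable_domain(dom)
    if reg in known:
        return {"domain": dom, "verdict": "exact", "matches": reg, "similarity": 1.0}
    folded = fold_confusables(reg)
    best, best_score = None, 0.0
    for vendor in known:
        score = difflib.SequenceMatcher(None, folded, fold_confusables(vendor)).ratio()
        if score > best_score:
            best, best_score = vendor, score
    embedded = [v for v in known if v in dom or v.split(".")[0] in dom]
    if embedded or best_score >= threshold:
        return {"domain": dom, "verdict": "lookalike",
                "matches": embedded[0] if embedded else best,
                "similarity": round(best_score, 2)}
    return {"domain": dom, "verdict": "unknown", "matches": None,
            "similarity": round(best_score, 2)}


def check_payment_email(from_header: str) -> dict:
    """Convenience wrapper: take the raw From header and return the verdict."""
    return classify_domain(sender_domain(from_header))


if __name__ == "__main__":
    # Constructed sample From headers: one genuine, three that should be stopped.
    for hdr in ["Acme AP <ap@invoices.acme-supplies.com>",
                "Acme AP <ap@acrne-supplies.com>",
                "Contoso Billing <billing@contoso.com.invoice-portal.net>",
                "Northwind <ar@northwindtraders.co>"]:
        print(hdr, "->", check_payment_email(hdr))
```

A “lookalike” verdict is a reason to stop and call the vendor on a number from an earlier invoice, never a reason to reply to the email; an “unknown” verdict on a payment-change request deserves the same call.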

How it works: Attackers use link-wrapping or URL-defense services to make phishing links look trustworthy, or send QR codes to get around email filters. These lead to fake login pages that steal Microsoft 365 credentials.

Voicemail: new message
Teams file shared with you

Red Flag Signs:

  • Rewritten links that do not end at the brand’s domain.
  • Multiple redirects before the login page.
  • QR codes used to access your account.
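Most of the red flags listed in the sections above can be checked mechanically on a saved message before anyone clicks. The script below is an added example, not code from the original page or from any mail vendor: it parses a raw message, compares the display name with the real sender domain, checks the Reply-To domain, peels a Safe Links style wrapper off each link, compares the text of a link with where it actually goes, flags shortener domains, a generic greeting, the urgency phrases the page lists, and any attachment. The sample message, every domain in it, and the shortener and brand lists are constructed for this example; the wrapper unwrapping assumes the real target sits in a `url=` or `u=` query parameter, and wrappers that encode it differently are left unchanged.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample built to resemble the "unusual sign-in" lure; every domain is invented.
SAMPLE_EML = b"""From: "Microsoft account team" <alerts@account-review-center.net>
Reply-To: help@mail-desk-support.com
Subject: Microsoft account unusual sign-in activity
Content-Type: text/html; charset=utf-8

<html><body><p>Dear user, we detected unusual sign-in activity. Your account will be
deactivated within 24 hours unless you review this activity.</p>
<p><a href="https://eu01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbit.ly%2Freview-now&amp;data=x">
https://account.microsoft.com/security</a></p></body></html>
"""

# Brand names as they appear in display names, mapped to the brand's real domain (constructed list).
BRAND_DOMAINS = {"microsoft": "microsoft.com", "google": "google.com", "apple": "apple.com", "paypal": "paypal.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd", "ow.ly"}
# The "Top 5 phrases" from the page, lower-cased and stemmed so variants still match.
URGENCY_PHRASES = ["unusual sign-in", "on hold", "suspended", "deactivat", "verify your identity",
                   "couldn't deliver", "could not deliver", "invoice attached", "order completed"]


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def unwrap(url: str) -> list:
    """Peel wrapper layers that keep the real target in a `url=` (Safe Links style) or `u=`
    query parameter; returns the chain outermost-first. Other wrapper formats are left as-is."""
    chain = [url]
    for _ in range(5):
        params = parse_qs(urlsplit(chain[-1]).query)
        inner = (params.get("url") or params.get("u") or [""])[0]
        if not inner.lower().startswith(("http://", "https://")):
            break
        chain.append(inner)
    return chain


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def triage(raw: bytes) -> list:
    """Run the red-flag checks from the page over one raw message; return findings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags = []
    name, addr = parseaddr(str(msg.get("From", "")))
    from_dom = addr.rsplit("@", 1)[-1].lower()
    for brand, dom in BRAND_DOMAINS.items():          # display name vs. real sender domain
        if brand in name.lower() and from_dom != dom and not from_dom.endswith("." + dom):
            flags.append(f"display name claims {brand} but sender domain is {from_dom}")
    reply_dom = parseaddr(str(msg.get("Reply-To", "")))[1].rsplit("@", 1)[-1].lower()
    if reply_dom and reply_dom != from_dom:            # replies routed elsewhere
        flags.append(f"Reply-To domain {reply_dom} differs from sender domain {from_dom}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    visible = re.sub(r"<[^>]+>", " ", html)
    extractor = LinkExtractor()
    extractor.feed(html)
    for href, text in extractor.links:                 # where it says vs. where it goes
        chain = unwrap(href)
        final_host = host_of(chain[-1])
        if len(chain) > 1:
            flags.append(f"wrapped link: {host_of(href)} forwards to {final_host}")
        if final_host in SHORTENERS:
            flags.append(f"shortened link to {final_host}")
        if text.startswith(("http://", "https://")) and host_of(text) != final_host:
            flags.append(f"link text shows {host_of(text)} but goes to {final_host}")
    if re.search(r"\bdear (user|customer|member|client)\b", visible, re.I):
        flags.append("generic greeting")
    haystack = (str(msg.get("Subject", "")) + " " + visible).lower()
    hits = [p for p in URGENCY_PHRASES if p in haystack]
    if hits:
        flags.append("urgency phrases: " + ", ".join(hits))
    for part in msg.iter_attachments():                # unexpected PDFs, images (QR codes), archives
        flags.append(f"unexpected attachment: {part.get_filename() or part.get_content_type()}")
    return flags


if __name__ == "__main__":
    for flag in triage(SAMPLE_EML):
        print("-", flag)
```

Run against the constructed sample it reports seven findings, including that the visible link text says account.microsoft.com while the unwrapped link ends at bit.ly. The wrapped-link check is the one worth noting: a Safe Links or URL-defense prefix is not a seal of approval, it only tells you which filter the message passed through, and the script therefore judges the innermost URL, not the wrapper.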

Red Flags & Warning Signs

Top 5 Phrases Scammers Use

  1. "Unusual sign-in activity"

     Often used to make you worry that someone else accessed your account.

  2. "Your account is on hold or suspended"

     This phrase pressures you to act quickly to avoid losing access.

  3. "Order completed successfully or Invoice attached"

     Tries to trick you into thinking a purchase was made or payment is due.

  4. "We couldn’t deliver your package"

     Uses fake delivery problems to lure you to click links or provide info.

  5. "Verify your identity to avoid deactivation"

     Leverages fear your account will be shut down unless you respond fast.

Scam Warning Signs

  • Generic greeting and poor grammar
    Criminals often do not use your name and make writing errors.
  • Sender domain or reply-to does not match the brand
    Scammers use email addresses that look close but are not exact matches.
  • Links point to non-brand domains or are shortened
    Hover over links to check the web address before clicking.
  • Attachments or QR codes you did not expect
    Unrequested files or codes are common tricks for delivering malware or fake sites.
  • Requests to call a number to cancel or pay
    Brands do not ask you to call unknown numbers to process refunds or payments.
  • Payment by wire, gift card, crypto, or Zelle to strangers
    These payment methods are hard to trace and nearly impossible to recover.

Legitimate Communications

  • Messages addressed by your full name and sent from the exact brand domain
    Legitimate companies use your name and their official domains. Neither is proof on its own: your name is easy to find in breached data, and a display name can say anything, so check the actual sender address and confirm the notice inside your account.
  • No request for passwords, MFA codes, or full SSN by email
    Real companies do not ask for sensitive info this way.
  • Brands direct you to log in through their official website or app
    You should always access your account by typing the address yourself.
  • IRS does not initiate contact about bills or refunds by email
    IRS contacts people by mail, not email, for tax matters.
  • PayPal says its emails will not include attachments and you can verify notices inside your account
    Go directly to PayPal.com to review any messages or invoices.

How to Protect Yourself

  1. Stop and Verify Out-of-Band

     Do not click any links in unexpected emails. Instead, open a browser and go directly to the company’s website or app, or call a number from a statement or prior communication you trust.

  2. Turn On Two-Factor Authentication

     Use an authenticator app or, better, a security key or passkey on your major accounts like email and online banking. A security key or passkey only works on the real site, so a lookalike login page cannot capture it; an app code can still be relayed if you type it into a fake page, so never enter a code on a page you reached from an email link.

  3. Update and Protect Your Devices

     Turn on automatic updates for your computer and phone, install reputable antivirus software, and back up important files to prevent data loss.

  4. Use Email’s Built-In Tools

     Mark suspicious messages as phishing in your email program. Enable spam filtering, show full sender addresses, and check for any auto-forwarding rules you did not set.

  5. Guard Payments

     Never wire money, Zelle, or send crypto based only on email instructions. Always confirm payment changes or new wiring instructions by calling a trusted number.

     Make it a family rule to always confirm payment requests through another channel.

  6. Treat QR Codes and Shortened Links with Caution

     If you receive a QR code or shortened link, verify the request with the source through another method or navigate to the website manually.

  7. Report Attempted Phishing

     Forward phishing emails to reportphishing@apwg.org and to the impersonated brand’s abuse mailbox. Report all scams to the FTC at ReportFraud.ftc.gov.

     Create a simple card near the computer: “Stop. Verify on your own. Never give codes or passwords.”

Sign up with Lifeguard to get real-time scam alerts and proactive monitoring for your family’s accounts.

What to Do If You’re a Victim

If you responded to a suspicious email or sent money, quick action can help limit damage. Here’s what to do, step by step.

  1. Disconnect from the Network and Run Antivirus (Do immediately)

     If you clicked a link or opened an attachment, disconnect the device from Wi-Fi (and unplug any network cable) right away and run a full antivirus scan to check for malware.

  2. Change Passwords from a Clean Device (Do immediately)

     Change your email and affected account passwords from an uninfected device. Turn on two-factor authentication, sign out of all other sessions where the account offers it, and check for any forwarding rules or recovery-address changes you did not make.

  3. Contact Your Bank or Card Issuer (Do immediately)

     If you sent money or provided card details, call your bank or card issuer at once to request a recall or chargeback.

  4. File Reports with Authorities (Within 24 hours)

     Report the scam to the FTC at ReportFraud.ftc.gov, to the FBI IC3 at ic3.gov, and to the impersonated brand’s abuse desk. For IRS scams, forward to phishing@irs.gov. For mail-related crimes, use spam@uspis.gov.

  5. Place a Fraud Alert or Freeze Your Credit (Within 24 hours)

     A fraud alert only needs to be placed with one of the three bureaus (Equifax, Experian, or TransUnion); that bureau must notify the other two. A credit freeze is separate and must be placed with each of the three bureaus individually. Both are free.

  6. Monitor Accounts and Credit Reports (Within 1 week)

     Keep watching bank and card accounts for unauthorized charges, and check your credit reports at AnnualCreditReport.com. Set up transaction alerts if available.

  7. Follow Up on Wire or Business Transfers

     If a wire was sent for a business invoice or home closing, continue pressing your bank and the receiving bank for updates. Update your FBI IC3 report with any new details or contacts.

For more help, visit the FTC’s resource center (consumer.ftc.gov).

Frequently Asked Questions

Real security alerts come from the brand’s exact domain and you can verify them inside your account without using email links. If unsure, type the website address yourself and check your account's notifications page.

Identification

No, scammers use https on fake sites too. Always check the domain carefully and avoid clicking on unverified email links.

Identification

No. The IRS will not initiate contact by email about bills or refunds. Report any suspicious IRS emails to phishing@irs.gov.

Identification

Do not call numbers in unexpected emails. Log in directly to DocuSign or PayPal to check your account. Forward the suspicious message to their abuse mailbox and delete it.

Prevention

Treat all unexpected QR codes as suspicious. Confirm with your HR office using a known phone number and go to your payroll site directly.

Prevention

Call your bank right away and file a report at ic3.gov. Act quickly for the best chance to recover funds and update both banks regularly on the situation.

Recovery

A credit freeze is free and helps prevent new account fraud. Set it up with Equifax, Experian, and TransUnion. You can temporarily lift it when needed.

Prevention

Forward them to reportphishing@apwg.org and to the brand being impersonated. Also file with the FTC at ReportFraud.ftc.gov and, for government or money loss scams, with ic3.gov.

Reporting

Protect Your Family from Email Scams

Start monitoring for new email threats and identity theft. Keep your loved ones safe with Lifeguard’s scam protection and easy alerts.
