← All guides
June 6, 2026 · 6 min read

Email Scam Checker: How to Tell if an Email Is a Scam

Use this email scam checker walkthrough to read the sender, links, and wording of a suspicious email — or forward it and get a plain-English verdict before you click.

Short answer: an email scam checker reads the three things that actually expose a fake — the real sender address, where the links truly go, and the pressure in the wording — and gives you a verdict before you click. You can run that check by hand in about a minute, or forward the email and have it done for you.

This is an email-specific guide. If you also get scam texts, the general scam-checker walkthrough covers email and SMS together; here we go deeper on what only an email reveals — the From line, the Reply-To, the true link target, and attachments.

Quick version: Don't click to find out. Check the sender's real address, hover the links without tapping, and watch for urgency. If anything's off, forward the email to a scam checker and wait for the verdict.

The 3 signals an email scam checker reads

Almost every scam email gives itself away on at least one of these. Check them in order.

1. The real sender address (not the display name)

The display name is free to type — a scammer can put "Apple" or "Chase Bank" in it. What matters is the actual address in the angle brackets.

  • Tap or click the sender name to expand the full address.
  • Compare the part after the @ to the company's real domain.
  • A real Apple email comes from @apple.com, not @apple.secure-login.com or @apple-id-billing.net.

Look-alike domains are the giveaway: extra words, hyphens, swapped letters (paypa1.com), or a brand name buried in front of a stranger's domain.

The text of a link and its destination are two different things. "Click here to verify" can point anywhere.

  • On a computer, hover over the link and read the real URL in the status bar — don't click.
  • On a phone, press and hold the link to preview the destination, then let go.
  • The domain right before the first single / is the one that counts. In account.paypal.com.secure-verify.io/login, the real domain is secure-verify.io, not PayPal.

If the visible text says one thing and the preview shows another, treat it as a scam.

3. The pressure in the wording

Scam emails manufacture urgency so you act before you think.

  • "Your account will be suspended in 24 hours."
  • "Unusual sign-in — confirm your identity now."
  • "Payment failed, update your billing immediately."
  • A request for a password, full card number, or a code "to verify."

Real companies don't threaten you into clicking a link to hand over credentials. Urgency plus a link plus a sensitive request is the classic combination.

A 60-second email check (by hand)

Run this on any suspicious email before you touch a single link:

  1. Expand the sender and read the full address after the @. Does the domain exactly match the real company?
  2. Check the Reply-To. If the reply address is a different, random domain than the sender, that's a red flag.
  3. Hover (don't click) every link and confirm the real domain matches the brand.
  4. Read the ask. Is it pressuring you to log in, pay, or share a code through this email?
  5. Look at attachments. An unexpected invoice, .zip, .html, or "enable macros" document is a strong scam signal — don't open it.
  6. Sanity-check the context. Did you actually have an account, order, or payment that matches this? A bill from a service you never used is a scam.

If even one step looks wrong, stop and verify through the company's real website or app — typed in yourself, never the email's link.

A quick worked example

Say this lands in your inbox:

From: Netflix Billing <support@netflix-account-update.com>
Subject: Your payment was declined — update within 24 hours

We couldn't process your last payment. To avoid interruption,
update your billing details now:

  [ Update Payment Method ]

Hover preview of the button: http://billing-netflixsecure.com/login

Run the check:

  • Sender domain: netflix-account-update.com — not netflix.com. Fail.
  • Link target: billing-netflixsecure.com — not Netflix's domain. Fail.
  • Wording: "within 24 hours," "avoid interruption" — manufactured urgency. Fail.

Three signals, three fails. This is a scam, and you reached that conclusion without clicking anything. If you weren't sure, the next step is to hand it off rather than guess.

Why "it looks real" isn't a check

The most common mistake is judging an email by how polished it looks. Scammers copy logos, fonts, and footer text exactly — appearance proves nothing. A few more traps:

  • Trusting the display name instead of the real address.
  • Replying to ask "is this real?" — replying only confirms you're a live target, and you'll never get an honest answer.
  • Calling the phone number in the email, which routes straight to the scammer.
  • Clicking "just to see" — the link is the danger, so previewing or forwarding is the only safe move.

A scam checker sidesteps all of these because you hand the message off instead of interacting with it.

Get the email checked instead of guessing

When you're unsure — or you want a second opinion before you act on a bill or a "security alert" — forward the whole email to a checker rather than clicking. Forwarding carries the sender, headers, and links along safely, so the message can be analyzed without you opening anything.

FraudRoom is built for this exact moment. Forward a suspicious email to check@fraudroom.com and you get back a plain-English risk level and the safest next step, usually within minutes — no app to learn and no jargon. On a Family plan, a relative can be alerted when a high-risk email reaches someone you're looking out for.

If you'd rather try it on the next thing that looks off, you can start free.

FAQ

Is there a free email scam checker?

Yes. Free URL scanners check a single link, and a full scam-checking service reads the whole email — sender, links, and wording together. Because real scams combine a look-alike sender with a disguised link and pressure wording, a checker that reads the whole message catches more than a link-only tool. With FraudRoom you forward the email to check@fraudroom.com and get a verdict back.

Forward the entire email to a scam-checking service, or run the 60-second manual check above: expand the real sender address, hover (don't click) the links to see their true destination, and watch for urgency or requests for a password or code. Forwarding is safe because it carries the details without opening anything.

How can I tell if an email is really from a company like Apple, PayPal, or Netflix?

Check the address after the @ — it must exactly match the company's real domain (@apple.com, @paypal.com, @netflix.com), not a look-alike like @apple-id-billing.net. Then verify any account claim by going to the company's official website or app yourself, never through the email's link.

Key takeaways

  • An email scam checker reads three signals: the real sender address, the true link target, and the pressure in the wording.
  • Run the 60-second check before you click — expand the sender, hover the links, read the ask, eye the attachments.
  • "It looks real" is not a check; scammers copy branding perfectly.
  • When unsure, forward the email to check@fraudroom.com and get a plain-English verdict before you act.

Keep reading

WhatsApp, Text, and TikTok Job Offer Scams: How the 'Easy Task' Job Works7 min readIs This USPS Email a Scam? How to Tell8 min readIs This Robinhood Email a Scam? How to Tell8 min readPhishing Email Examples: 8 Real-Looking Scams and How to Spot Each9 min read

Not sure about a message?

Forward it to check@fraudroom.com and get a plain-English scam check in minutes.

Try it free — 5 checks, no card