Phishing
Also known as: email phishing, spear phishing, clone phishing
Scammers impersonate legitimate companies (your bank, Amazon, Microsoft, the IRS) via email to trick you into clicking a malicious link, entering login credentials on a fake site, or opening an infected attachment.
Check if something looks like this scam
Paste any suspicious text, link, or phone number into our scanner.
How it works
Phishing is the most common digital scam category, responsible for the majority of credential theft and account takeover incidents worldwide.
The email: You receive a message that looks legitimate — matching colors, logos, and formatting of a real brand. The sender address often looks correct but has subtle differences (paypa1.com instead of paypal.com, or a display name that masks the real address).
The hook: The email creates urgency. Your account has been compromised. A suspicious login was detected. Your package is undeliverable. You have an unpaid invoice. Click here to resolve it before your account is closed.
The fake site: The link leads to a page that visually matches the real brand's login. You enter your username and password. The site may even forward you to the real brand afterward so you don't notice anything wrong. Your credentials are now in the scammer's hands.
The aftermath: With your login, scammers drain bank accounts, make purchases, reset other accounts using your email, or sell your credentials on dark web markets.
In 2026, AI-generated phishing emails are nearly indistinguishable from legitimate messages. Grammar is perfect, personalization is deep, and traditional spam filters catch a declining share of them.
Warning signs
- ⚠Unexpected email urging you to click a link or log in immediately
- ⚠Sender address that doesn't exactly match the official domain
- ⚠Generic greetings ('Dear Customer') mixed with personal details
- ⚠Threats of account closure or urgent action required
- ⚠Request to verify account information
- ⚠Links that go to unfamiliar domains when you hover over them
- ⚠Attachments you didn't expect
- ⚠Perfect-looking brand design on an unfamiliar URL
Who does this target?
Where does it happen?
What to do if you've encountered this
- 1.Stop all contact with the scammer immediately. Do not respond, do not send more money, do not try to "reason" with them.
- 2.Document everything — screenshots of conversations, phone numbers, email addresses, websites, and any transaction details.
- 3.If money was sent, contact your bank immediately. Wire and ACH reversals are measured in hours, not days.
- 4.Report the scam to the appropriate agencies:
Warning: After any scam, watch out for "recovery scammers" who promise to get your money back for an upfront fee. They are always a second scam. See our recovery scam warning guide.
Related scam patterns
Smishing (SMS Phishing)
Phishing delivered via text message. Common variants include fake USPS/FedEx delivery notices, fake bank fraud alerts, fake toll road bills, and fake IRS warnings — all designed to push victims to click malicious links.
Vishing (Voice Phishing)
Phishing over the phone. Scammers call pretending to be from your bank, a government agency, or a tech company, using social engineering to trick you into revealing personal information, financial details, or transferring money.
Business Email Compromise (BEC)
Scammers impersonate executives, vendors, or clients via email to trick businesses into wiring large sums of money or disclosing sensitive information. BEC is the most financially damaging category of scam targeting businesses, with average losses per incident exceeding $125,000.
