Dark Horse IT

How to Spot Scams

Expert tips to protect yourself and your business from online threats.

1. Five Red Flags in Every Scam Email

Scam emails follow predictable patterns. Once you know what to look for, they become much easier to spot:

  1. Check the sender's actual email address. Not the display name -- the actual email after the @. Scammers use addresses like "security@amaz0n-alerts.com" that look close but are not real company domains.
  2. Urgency is a weapon. "Your account will be deleted in 24 hours" or "Act immediately or face legal action" are designed to make you panic and skip critical thinking.
  3. Generic greetings are a giveaway. "Dear Customer" or "Dear User" instead of your actual name often indicates a mass phishing campaign.
  4. Hover before you click. On desktop, hover over any link to see where it actually goes. If the URL doesn't match the supposed sender, don't click it.
  5. Legitimate companies don't ask for sensitive info via email. No bank, government agency, or tech company will ask for passwords, SSNs, or credit card numbers through email.

2. How to Read a URL Like a Pro

The URL bar is your best defense against phishing websites. Here's how to read it:

Anatomy of a URL:

https://bankofamerica.com.secure-login.net/signin

The REAL domain is "secure-login.net" -- everything before it is a subdomain trick!

The rule: The actual domain is the last two dot-separated parts of the address that come before the first single slash (/). In "bankofamerica.com.secure-login.net/signin", the real domain is "secure-login.net", NOT "bankofamerica.com".

Watch for number-letter substitutions too: "paypa1.com" (with a number 1) vs "paypal.com" (with a letter L).
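The two checks from this section, written out as a short Python script. This is an added example, not part of the original page. The names `registrable_domain` and `check_link` are hypothetical, the digit-swap table and the short list of two-part suffixes such as "co.uk" are illustrative assumptions, and real tooling should use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Illustrative subset only (assumption); production code should use the
# full Public Suffix List instead of this short list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Common digit-for-letter swaps, as in "paypa1.com" vs "paypal.com".
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(url: str) -> str:
    """Return the domain that actually controls the page a URL points to."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # The rule from the text: keep the last two labels of the hostname...
    keep = 2
    # ...or three when the last two form a shared suffix such as "co.uk".
    if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        keep = 3
    return ".".join(labels[-keep:])


def check_link(url: str, expected: str) -> list[str]:
    """Compare a link against the domain the sender claims to be."""
    findings = []
    real = registrable_domain(url)
    host = urlsplit(url).hostname or ""
    if real == expected:
        return findings
    findings.append(f"real domain is {real}, not {expected}")
    if expected in host:
        findings.append("expected brand appears only as a subdomain")
    if real.translate(LOOKALIKES) == expected:
        findings.append("digit-for-letter lookalike of the expected domain")
    return findings


if __name__ == "__main__":
    # Constructed sample links, built from the examples in the text above.
    samples = [
        ("https://bankofamerica.com.secure-login.net/signin", "bankofamerica.com"),
        ("https://paypa1.com/login", "paypal.com"),
        ("https://www.paypal.com/signin", "paypal.com"),
    ]
    for url, expected in samples:
        print(url, "->", check_link(url, expected) or "ok")
```

An empty result means the link's real domain matches the expected one; it does not mean the page itself is safe.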

3. Why Urgency Is Always a Red Flag

Scammers rely on one psychological trick above all others: urgency. They want you to act before you think.

Common urgency tactics include:

  • "Your account will be suspended in 24 hours"
  • "Only 3 items left at this price!"
  • "Call immediately or face legal action"
  • "This offer expires in 00:14:32"
  • "Verify your identity now to avoid account closure"

The antidote: Whenever you feel pressured to act immediately, pause. Legitimate organizations give you time. Close the message, navigate to the real website directly (not through any link), and check your account there.

4. What to Do If You've Been Scammed

If you think you've fallen for a scam, act quickly:

  1. Change your passwords immediately -- especially for the account that was compromised, plus any accounts using the same password.
  2. Contact your bank -- if you provided financial information, call your bank and credit card companies right away.
  3. Enable two-factor authentication (2FA) -- on all important accounts (email, banking, social media).
  4. Report the scam -- file a report at reportfraud.ftc.gov and ic3.gov (FBI Internet Crime Complaint Center).
  5. Monitor your accounts -- check your credit reports at annualcreditreport.com and consider a credit freeze.

5. Protect Your Business

Individual awareness is great, but businesses need layered protection. A single employee clicking the wrong link can compromise your entire organization.

Business-grade protection includes:

  • Email filtering and anti-phishing technology
  • Employee security awareness training
  • Multi-factor authentication on all accounts
  • Endpoint protection and monitoring
  • Regular security assessments and penetration testing
  • Incident response planning

Dark Horse IT helps California businesses stay protected.

We provide managed cybersecurity, employee training, and 24/7 monitoring so you can focus on running your business.
