How to Spot Scams
Expert tips to protect yourself and your business from online threats.
1. Five Red Flags in Every Scam Email
Scam emails follow predictable patterns. Once you know what to look for, they become much easier to spot:
- 1. Check the sender's actual email address. Not the display name -- the actual email after the @. Scammers use addresses like "security@amaz0n-alerts.com" that look close but are not real company domains.
- 2. Urgency is a weapon. "Your account will be deleted in 24 hours" or "Act immediately or face legal action" are designed to make you panic and click before you think.
- 3. Generic greetings are a giveaway. "Dear Customer" or "Dear User" instead of your actual name often indicates a mass phishing campaign.
- 4. Hover before you click. On desktop, hover over any link to see where it actually goes. If the URL doesn't match the supposed sender, don't click it.
- 5. Legitimate companies don't ask for sensitive info via email. No bank, government agency, or tech company will ask for passwords, SSNs, or credit card numbers through email.
2. How to Read a URL Like a Pro
The URL bar is your best defense against phishing websites. Here's how to read it:
Anatomy of a URL:
https://bankofamerica.com.secure-login.net/signin
The REAL domain is "secure-login.net" -- everything before it is a subdomain trick!
The rule: The real website is the name right before the first single slash ("/"). In the address "bankofamerica.com.secure-login.net/signin", the real website is "secure-login.net" -- NOT Bank of America. Everything in front is window dressing.
Also watch for numbers swapped in for letters: "paypa1.com" (with a number 1) looks almost exactly like "paypal.com" (with a lowercase L). Read letter by letter.
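The same rule as a small checker, for anyone who wants to automate it. This is an added example, not part of the original article: the brand list and the short list of two-part endings are constructed assumptions, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: constructed sample of two-part endings. Production code should
# consult the full Public Suffix List instead.
TWO_PART_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Assumption: brands to protect, mapped to their genuine domain.
KNOWN_BRANDS = {"bankofamerica": "bankofamerica.com", "paypal": "paypal.com"}
# Digits commonly swapped in for letters, as in "paypa1.com".
LOOKALIKES = str.maketrans("0135", "oles")


def hostname(url):
    """Host part of a URL, lower-cased, without port or userinfo."""
    parts = urlsplit(url)
    if not parts.netloc:
        parts = urlsplit("//" + url)  # bare "host/path" with no scheme
    return (parts.hostname or "").rstrip(".").lower()


def registered_domain(url):
    """The domain that owns the host: the labels right before the first '/'."""
    host = hostname(url)
    labels = host.split(".")
    if len(labels) < 2 or host.replace(".", "").isdigit():
        return host  # single label or IPv4 literal: nothing to trim
    keep = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_url(url):
    """Return warnings for brand names placed where they prove nothing."""
    host, real = hostname(url), registered_domain(url)
    subdomain_labels = host[: len(host) - len(real)].rstrip(".").split(".")
    warnings = []
    for brand, genuine in KNOWN_BRANDS.items():
        if real == genuine:
            continue  # the brand's own domain
        if brand in subdomain_labels:
            warnings.append(f"'{brand}' is only a subdomain of {real}")
        if real.translate(LOOKALIKES) == genuine:
            warnings.append(f"{real} imitates {genuine} with digits")
    return warnings


if __name__ == "__main__":
    for sample in ("https://bankofamerica.com.secure-login.net/signin",
                   "https://paypa1.com/login",
                   "https://www.paypal.com/signin"):
        print(sample, "->", registered_domain(sample), check_url(sample))
```

An empty list means none of the listed brands was misused; it does not mean the site is safe.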
3. Why Urgency Is Always a Red Flag
Scammers rely on one psychological trick above all others: urgency. They want you to act before you think.
Common urgency tactics include:
- "Your account will be suspended in 24 hours"
- "Only 3 items left at this price!"
- "Call immediately or face legal action"
- "This offer expires in 00:14:32"
- "Verify your identity now to avoid account closure"
The antidote: Whenever you feel pressured to act immediately, pause. Legitimate organizations give you time. Close the message, navigate to the real website directly (not through any link), and check your account there.
4. What to Do If You've Been Scammed
If you think you've fallen for a scam, act quickly:
- 1. Change your passwords immediately -- especially for the account that was compromised, plus any accounts using the same password.
- 2. Contact your bank -- if you provided financial information, call your bank and credit card companies right away.
- 3. Turn on two-step login (sometimes called "2FA") -- on all important accounts (email, banking, social media). It sends a code to your phone so a thief who steals your password still can't get in.
- 4. Report the scam -- file a report at reportfraud.ftc.gov and ic3.gov (FBI Internet Crime Complaint Center).
- 5. Monitor your accounts -- check your credit reports at annualcreditreport.com and consider a credit freeze.
5. Protect Your Business
Individual awareness is great, but businesses need layered protection. A single employee clicking the wrong link can compromise your entire organization.
Business-grade protection includes:
- Email filters that catch fake emails before they hit the inbox
- Regular short training sessions so staff can spot the scams
- Two-step login on every account (not just email)
- Antivirus and monitoring on every computer and phone
- Regular testing to find weak spots before a criminal does
- A written plan for what to do the minute something goes wrong
Dark Horse IT helps businesses across the Midwest stay protected.
We provide managed cybersecurity, employee training, and 24/7 monitoring so you can focus on running your business.