You Got a Warning. Here's What to Do:
- Don't reply, click links, or send money
- Call the sender at a number you find yourself — not from the email
- When in doubt, delete it
6 Tactics Scammers Use
Recognize the tricks — here's what we scan for.
Lookalike Email Addresses
One character. Total impersonation.
Criminals create email addresses nearly identical to someone you trust — your bank, your boss, your escrow officer. They change one letter, add an extra character, or swap an "l" for a "1." You glance at it, it looks right, so you trust it.
An escrow officer gets an email from "the seller" asking to change the wiring instructions for their proceeds. The email address is off by one character — but who checks? The officer wires $380,000 to a criminal's account. Within hours, the money hops through a chain of banks and lands overseas. It's gone. And the escrow company is on the hook for every dollar.
Reply-To Hijacking
Your reply goes to them, not who you think.
The "From" address looks legitimate — maybe even your CEO's real email. But hidden in the email header is a different "Reply-To" address. When you hit reply, your response goes straight to the scammer, not the person you think you're emailing.
You get an email that appears to be from your boss asking you to process a vendor payment. You reply with questions, they answer convincingly, and you send the wire. Every reply went to a criminal in another country.
From: ceo@yourcompany.com
Reply-To: ceo-yourcompany@gmail.com
You think you're emailing your CEO. You're emailing a criminal who now has whatever you sent them.
Dangerous Keywords
The language of fraud.
Scam emails use specific phrases designed to pressure you into acting before you think. They create urgency, threaten consequences, or request sensitive financial actions. These aren't random — they're proven manipulation tactics.
You receive an email saying "Your account will be suspended in 24 hours" or "Updated wire instructions — please confirm receipt." The urgency makes you act fast. You send money or credentials without verifying, and it's gone.
"Verify your account immediately"
"Updated wire instructions"
"Unusual sign-in activity detected"
"Your account will be suspended"
"Confirm your identity"
"Action required within 24 hours"
Deceptive Domains
Familiar names, criminal origins.
Criminals register domains that look like trusted companies by adding words, using foreign extensions, or exploiting typos. At a glance, they look official. They're not.
You get an email from "support@amazon-secure.com" or "billing@paypal.com.co" asking you to verify your payment method. The logo looks real. The domain looks close enough. You click, enter your credentials, and they now own your account.
Display Name Spoofing
The name you trust, the address you ignore.
Email programs show the sender's display name prominently — "Bank of America Security" or "Dr. Smith's Office" — while hiding the actual email address. Criminals set any display name they want, regardless of what address they're actually sending from.
Your inbox shows an email from "Chase Fraud Department." You open it concerned. But the actual address is xr7829@randomserver.net. You click the link, enter your banking login, and they drain your account.
In your inbox: "Bank of America Security"
Actual address: xr77281@randomdomain.com
In your inbox: "Dr. Smith's Office"
Actual address: notreal@spamserver.net
Invisible Character Tricks
Identical to your eyes. Different to computers.
The Russian letter "о" looks exactly like the English letter "o" — but to a computer, they're completely different characters. Criminals swap these lookalike letters to create email addresses that are visually perfect forgeries. You literally cannot see the difference.
You receive an email from "accounts@micrоsoft.com" — except that "о" is Cyrillic, not English. Your eyes see Microsoft. The email looks legitimate. You reset your password through their fake link, and they now control your account.
Your eyes cannot detect this. Only software can.
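A sketch of how software can make two of these checks, the Reply-To mismatch and the lookalike-letter domain. This is an added example, not the scanner this page describes; the function names and the sample messages are constructed for illustration.

```python
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail).
SAMPLE_REPLY_TO = ("From: ceo@yourcompany.com\n"
                   "Reply-To: ceo-yourcompany@gmail.com\n"
                   "Subject: Vendor payment\n\nPlease process today.\n")
# \u043e is CYRILLIC SMALL LETTER O, which renders like the Latin "o".
SAMPLE_HOMOGLYPH = ("From: accounts@micr\u043esoft.com\n"
                    "Subject: Password reset\n\nReset here.\n")
SAMPLE_CLEAN = ("From: ceo@yourcompany.com\n"
                "Reply-To: ceo@yourcompany.com\n\nHello.\n")


def domain_of(header_value):
    """Lowercased domain of the address in a From/Reply-To header ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def scripts_in(text):
    """Scripts used by the letters in text (first word of each Unicode name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}


def check_headers(raw_message):
    """Return a list of findings for one raw message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    findings = []
    # Replies would go to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch: {from_dom} -> {reply_dom}")
    # A domain mixing Latin with another script is a lookalike candidate.
    for dom in sorted({from_dom, reply_dom} - {""}):
        scripts = sorted(scripts_in(dom))
        if len(scripts) > 1:
            findings.append(f"mixed-script-domain: {ascii(dom)} uses {scripts}")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_REPLY_TO, SAMPLE_HOMOGLYPH, SAMPLE_CLEAN):
        print(check_headers(sample))
```

A Reply-To on a different domain also occurs in legitimate mail such as mailing lists and help desks, so treat it as a signal to verify rather than proof. The mixed-script check does not catch a domain written entirely in one non-Latin script.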