Is This Email Legitimate? How to Tell If an Email Is Fake

April 5, 2026

You receive an email that looks official, maybe from your bank, a delivery service, or a company you use. But something feels off. Is this email legitimate, or is it a scam? Knowing how to tell if an email is fake is one of the most practical skills you can have online. This guide walks you through the checks you can do in under a minute to verify any suspicious email before clicking anything.

How to Tell If an Email Is Fake

Fake emails (also known as phishing emails) are designed to look like they come from a trusted source. The goal is to get you to click a link, download an attachment, or hand over personal information like passwords or credit card numbers.

The good news is that most fake emails share common warning signs. Once you know what to look for, spotting a fake email becomes straightforward. Here are the checks you should run on any email that feels suspicious.

Check the Sender Address

This is the single most reliable check. The display name in an email (the name you see, like “PayPal Support”) can be set to anything. What matters is the actual email address behind it.

  • Legitimate: service@paypal.com, noreply@amazon.com
  • Fake: service@paypa1-support.com, amazon-alert@account-verify.net

Look carefully at the domain (the part after the @ symbol). Attackers use domains that look similar to real ones at a glance: swapping the letter “l” for the number “1”, adding extra words like “support” or “verify”, or using a completely different domain extension (.net instead of .com).

On mobile, the sender address is often hidden behind the display name. Tap or long-press the sender name to reveal the full address. If it does not match the company’s official domain, the email is fake.
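The sender check above can be automated. The following is an added example, not code from the original article: the `OFFICIAL` allowlist, the digit swap table and the function name `check_sender` are assumptions made for illustration, and a real deployment would need a maintained brand list.

```python
from email.utils import parseaddr

# Constructed allowlist: brand keyword -> domain that brand really sends from.
OFFICIAL = {"paypal": "paypal.com", "amazon": "amazon.com"}
# Undo digit-for-letter swaps such as "1" for "l" before comparing.
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def check_sender(from_header):
    """Classify a raw From: header value as ok, fake or unknown."""
    display, addr = parseaddr(from_header)  # the display name is never trusted
    if "@" not in addr:
        return ("unknown", "no parsable sender address")
    local, domain = addr.lower().rsplit("@", 1)
    # Accept the exact official domain or one of its subdomains.
    for real in OFFICIAL.values():
        if domain == real or domain.endswith("." + real):
            return ("ok", f"{domain} belongs to {real}")
    normalized = domain.translate(SWAPS)
    for brand, real in OFFICIAL.items():
        # Brand name inside a different domain, e.g. paypa1-support.com.
        if brand in normalized:
            return ("fake", f"{domain} imitates {real}")
        # Brand only in the display name or local part, unrelated domain.
        if brand in display.lower() or brand in local:
            return ("fake", f"claims to be {brand} but sends from {domain}")
    return ("unknown", f"{domain} is not tied to a listed brand")


if __name__ == "__main__":
    # Sample headers built from the addresses shown in the article.
    for sample in (
        "PayPal Support <service@paypal.com>",
        "PayPal Support <service@paypa1-support.com>",
        "Amazon <amazon-alert@account-verify.net>",
    ):
        print(sample, "->", check_sender(sample))
```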

Look for Urgency and Threats

Fake emails almost always try to pressure you into acting quickly. Phrases like these are major red flags:

  • “Your account will be suspended in 24 hours”
  • “Unusual activity detected, verify immediately”
  • “You must confirm your identity or lose access”
  • “Payment failed, update your details now”

Legitimate companies do send security alerts, but they rarely threaten immediate consequences and almost never ask you to provide sensitive information through email. If an email demands urgent action, pause and verify it through other channels (log into the service directly through your browser, or call the company using a number from their official website).

Hover Over Links

Before you click any link in an email, check where it actually leads. On a computer, hover your mouse over the link without clicking. The real URL will appear in the bottom-left corner of your browser or as a tooltip. On a phone, long-press the link to preview it.

What to look for:

  • Does the domain match the sender? A link claiming to be from Netflix should go to netflix.com, not netflix-verify.com or account-update.info.
  • Is it using HTTPS? While not a guarantee of safety, legitimate services always use HTTPS. A link starting with http:// (no “s”) to a login page is suspicious.
  • Does it use a URL shortener? Links like bit.ly/xyz123 in an official-looking email are a red flag. Real companies link to their own domain.

If you are unsure about a link, do not click it. Instead, open your browser and go to the company’s website directly by typing the address yourself.
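The three link checks above, applied to an HTML email body without opening any link. This is an added example, not code from the original article: the `SHORTENERS` list, the sample body and the function name `check_links` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # constructed, not exhaustive

# Constructed sample body; the last link shows why only the end of the
# hostname counts: the real domain there is account-update.info.
SAMPLE = """<p>Dear Customer, your payment failed.</p>
<a href="https://www.netflix.com/account">Manage account</a>
<a href="http://netflix-verify.com/login">Update your details now</a>
<a href="https://bit.ly/xyz123">Verify</a>
<a href="https://netflix.com.account-update.info/">netflix.com</a>"""


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag; the visible text is ignored."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def check_links(html_body, sender_domain):
    """Map each link target to the list of red flags it raises."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = {}
    for href in collector.hrefs:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        flags = []
        if host in SHORTENERS:
            flags.append("url-shortener")
        elif host != sender_domain and not host.endswith("." + sender_domain):
            flags.append("domain-mismatch")
        if url.scheme != "https":
            flags.append("not-https")
        findings[href] = flags
    return findings


if __name__ == "__main__":
    for link, flags in check_links(SAMPLE, "netflix.com").items():
        print(link, flags or "no flags")
```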

Check for Generic Greetings

Legitimate companies that have your account typically address you by name. Fake emails often use generic greetings because the attacker is sending the same message to thousands of people:

  • “Dear Customer”
  • “Dear User”
  • “Dear Account Holder”

This is not a definitive test on its own (some legitimate automated emails use generic greetings too), but combined with other red flags it strengthens the case that the email is fake.

Look at the Email Design

Fake emails have improved dramatically in recent years, but many still have visual tells:

  • Spelling and grammar errors: while not as common as they used to be, obvious mistakes in an email claiming to be from a major company are a strong signal.
  • Blurry or mismatched logos: attackers sometimes use low-resolution logos or outdated branding.
  • Inconsistent formatting: misaligned text, mixed fonts, or broken layouts suggest the email was hastily assembled.
  • Missing footer information: real marketing and transactional emails include the company’s physical address and an unsubscribe link at the bottom (required by law in most countries). Fake emails often skip this.

Keep in mind that sophisticated phishing emails can look pixel-perfect. A professional design alone does not guarantee that an email is real. Always check the sender address and links regardless of how polished the email appears. Understanding what a phishing email looks like helps you stay sceptical even when the presentation is convincing.

Fake Email Examples

The images below show fictional phishing emails created to illustrate common red flags. Notice how each one mimics a trusted brand but contains telltale signs of being fake.

[Image: Example of a phishing email showing common red flags] A fictional phishing email with highlighted red flags. Notice the suspicious sender address, urgent language, and deceptive link. Image: Isochrone, CC BY-SA 4.0, via Wikimedia Commons

[Image: Example of a fake bank phishing email] A fictional bank phishing email. The sender domain, generic greeting, and threatening language are all red flags. Image: Isochrone, CC BY 4.0, via Wikimedia Commons

Want to test your ability to spot emails like these? Take our interactive phishing quiz with 10 real-world scenarios.

How to Check Email Headers

If you want to go deeper, email headers reveal where an email actually originated. Headers contain technical details like the sending server’s IP address and whether the email passed authentication checks (SPF, DKIM, DMARC).

How to view headers in common email clients:

  • Gmail: open the email, click the three dots (top right), select “Show original”
  • Outlook: open the email, click File > Properties, look in the “Internet headers” box
  • Apple Mail: open the email, go to View > Message > All Headers

An email header check can reveal whether the email was spoofed. Here is what to look for:

  • Return-Path: this should match the sender’s domain. If it does not, the email was likely spoofed.
  • Authentication-Results: look for spf=pass, dkim=pass, and dmarc=pass. If any of these show “fail”, the email may not be from who it claims.

Checking email headers is not something most people need to do regularly, but it is the most definitive way to tell whether an email is spoofed, or to check that an email is legitimate when other signals are inconclusive.
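The two header checks above, run over the raw text you get from "Show original". This is an added example, not code from the original article: both sample messages are constructed, `check_headers` and `domain_of` are illustrative names, and the code assumes the topmost Authentication-Results header is the one written by your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims paypal.com, but bounces go elsewhere
# and the receiving server recorded failed authentication.
SPOOFED = (
    "Return-Path: <bounce@account-verify.net>\n"
    "Authentication-Results: mx.example.org;\n"
    " spf=fail smtp.mailfrom=account-verify.net;\n"
    " dkim=none; dmarc=fail header.from=paypal.com\n"
    "From: PayPal Support <service@paypal.com>\n"
    "Subject: Unusual activity detected\n\nVerify immediately.\n"
)
# Constructed sample of a message that passes every check.
CLEAN = (
    "Return-Path: <service@paypal.com>\n"
    "Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass\n"
    "From: PayPal <service@paypal.com>\n"
    "Subject: Receipt\n\nThanks.\n"
)


def domain_of(header_value):
    """Domain part of the address in a header, or '' if there is none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_headers(raw_message):
    """Return a list of findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # Assumption: only the topmost Authentication-Results header is read,
    # since the receiving server prepends its own and lower ones could
    # have been supplied by the sender.
    auth = (msg.get_all("Authentication-Results") or [""])[0]
    results = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I):
        if results[mech.lower()] in ("missing", "pass"):  # a non-pass sticks
            results[mech.lower()] = verdict.lower()
    findings = []
    if rp_dom != from_dom:
        findings.append(f"Return-Path {rp_dom or '(none)'} != From {from_dom}")
    findings += [f"{m}={v}" for m, v in results.items() if v != "pass"]
    return findings
```

Mail sent through a third-party delivery service can carry a different Return-Path domain, so read that finding together with the dmarc result rather than on its own.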

What to Do If You Receive a Fake Email

If you determine that an email is fake, here is what to do:

  1. Do not click any links or download any attachments. This is the most important step. The email itself is harmless as long as you do not interact with it.
  2. Report it as phishing. Most email providers have a “Report phishing” option (in Gmail, click the three dots and select “Report phishing”). This helps improve spam filters for everyone.
  3. Delete it. Once reported, move it to trash.
  4. If you already clicked a link or entered information: change your password for the affected account immediately, enable multi-factor authentication, and check if your email has appeared in any data breaches.
  5. Warn others. If the fake email impersonated a company, let them know through their official website. If it was sent to a work address, report it to your IT department.

To further protect your accounts, consider using a password manager to create unique passwords for every service, and keep your software updated to protect against malware that may be delivered through fake emails.

The Bottom Line

Telling whether an email is legitimate comes down to a few quick checks. If you are asking yourself “is this email real?”, run through this checklist:

Quick Reference Checklist
  1. Check the sender address – does the domain after @ match the real company?
  2. Look for urgency or threats – “act now or lose access” is a red flag
  3. Hover over links – does the URL go to the company’s real domain?
  4. Check the greeting – “Dear Customer” instead of your name is suspicious
  5. Inspect the design – spelling errors, blurry logos, or missing footer details
  6. When in doubt, do not click – go to the company’s website directly instead

Most fake emails fail at least one of these tests. A real company will never penalise you for taking the time to verify.

For more guidance on email threats, read our full guide on what phishing is and how to protect yourself, or test your skills with our phishing quiz. You can also visit the FTC’s guide to recognising phishing scams and the UK National Cyber Security Centre’s phishing guidance for additional resources.