Don’t Take the Bait: How to Spot Common Email Scams

In today’s digital landscape, phishing emails have evolved from clumsy hoaxes into sophisticated traps designed to exploit your trust, urgency, and curiosity. Whether it’s a fake bank alert, a bogus delivery notice, or a suspicious request from someone posing as your CEO, scammers are constantly refining their tactics to trick even the most cautious among us.

This post breaks down four real-world examples of phishing emails—each crafted to manipulate your instincts and steal sensitive information. For every example, we’ll highlight the red flags that reveal the scam beneath the surface, so you can stay one step ahead and protect yourself and your organization.

Let’s dive into the anatomy of these deceptive messages and learn how to recognize the warning signs before it’s too late.

Example 1: The “Bank Security Alert”

Subject: Urgent: Verify Your Account Immediately

From: “Bank of America Security” security@bankofarnerica.com

Dear Customer,

We have detected suspicious activity in your account. For your safety, your account has been temporarily suspended.

To restore access, please click the secure link below and confirm your details:

Verify Now

Failure to act within 24 hours may result in permanent account closure.

Thank you,

Bank of America Security Team

Red Flags:

·       Sender address uses “arnerica” with an r-n instead of “m.”

·       Generic greeting: “Dear Customer.”

·       Sense of urgency: “act within 24 hours.”

·       Suspicious link that doesn’t match the official bank domain.

Example 2: The “Fake Delivery Notice”

Subject: Your Package Could Not Be Delivered – Action Required

From: “UPS Delivery” ups_support@fast-shipper.co

Hello,

We attempted delivery of your package today, but no one was available. Please

download the attached shipping label and reschedule delivery.

[Attachment: UPS_Label.zip]

Thank you for choosing UPS.

Red Flags:

·       The domain fast-shipper.co is unrelated to UPS.

·       No package tracking number provided.

·       Urges you to open a .zip file — a common malware delivery method.

·       Lacks professional formatting UPS typically uses.

Example 3: The “CEO Gift Card Scam”

Subject: Urgent Request – Need Your Help

From: “David Johnson, CEO” david.johnson@gmail.com

Hi [Employee],

I’m stuck in a meeting and urgently need your assistance. Can you please purchase 5

Amazon gift cards ($100 each) and send me the codes right away? I’ll reimburse you

later.

This is time-sensitive. Please don’t involve anyone else right now.

Thanks,

David

Red Flags:

·       A real CEO wouldn’t use a personal Gmail account for company business.

·       Creates urgency and secrecy: “time-sensitive” and “don’t involve anyone else.”

·       Unusual request for gift cards — a classic scam pattern.

Example 4: The “Fake Invoice”

Subject: Invoice Overdue – Immediate Action Required

From: “Accounts Dept” accounts@vendor-bills.biz

Dear Customer,

Our records show you have an unpaid invoice (#44821) due since last month. Please

see the attached file and make payment today to avoid late fees.

[Attachment: Invoice.pdf.exe]

Regards,

Accounts Department

Red Flags:

·       The attachment is disguised with double extensions (.pdf.exe).

·       Generic greeting: “Dear Customer.”

·       Pressure tactic with “Immediate Action Required.”

·       Unknown domain name.

Stay Sharp, Stay Safe

Phishing scams aren’t just annoying—they’re dangerous. As we've seen in these examples, cybercriminals rely on urgency, fear, and deception to trick people into clicking, downloading, or responding without thinking. But once you know what to look for—misspelled domains, suspicious attachments, vague greetings, and unusual requests—you’re far less likely to fall for their tricks.

The best defense is awareness. Share these examples with your team, your friends, and your family. The more people know how to spot the signs, the harder it becomes for scammers to succeed.

Remember: when in doubt, don’t click. Verify first, act second.