scam type guide

phishing & email scams.

spoofed senders. fake login pages. credential theft.

Phishing attacks impersonate trusted brands — your bank, Amazon, Netflix, the IRS — to trick you into clicking malicious links, entering passwords, or downloading malware. Modern phishing is highly sophisticated and often bypasses spam filters.

91%.

of data breaches start with phishing

3.4B.

phishing emails sent daily

$4.76M.

average cost per phishing attack

94.5%.

suss. detection rate

red flags to watch for.

if you see any of these, suss it out before responding.

spoofed sender address

The email looks like it's from Amazon or your bank, but the actual domain is slightly different.

urgent action required

Your account will be suspended, your payment failed, your package is held — act NOW.

suspicious link

The link text says 'amazon.com' but hovers to 'amaz0n-verify.click' or similar.

generic greeting

Dear Customer, Dear User, Dear Account Holder — not your actual name.

requests login credentials

Legitimate companies never ask for your password via email.

unexpected attachment

Invoice, receipt, or document you weren't expecting — often contains malware.

real examples suss. catches.

paste messages like these into suss. for instant analysis.

“Your Amazon account has been temporarily suspended due to unusual activity. Click here to verify your identity within 24 hours or your account will be permanently closed.”

impersonationurgency_pressurecredential_phishing

HIGH RISK — phishing email

“USPS: Your package could not be delivered. A delivery fee of $1.99 is required. Update your information here: usps-tracking-update.com”

impersonationsuspicious_urlsmall_fee_lure

HIGH RISK — delivery phishing

real victim stories.

anonymized cases from actual phishing & email scams reports.

A man received a text from 'his bank' saying his card was locked. He clicked the link and entered his credentials on a perfect replica of the bank's site.

Lost: $12,000

via SMS

Banks never send links via text. Call the number on your card instead.

An employee clicked a fake DocuSign email and entered her company credentials. Attackers used her account to send phishing to 200 colleagues.

Lost: Company breach

via Email

One click can compromise an entire organization.

check it now.

paste a suspicious message below for instant AI analysis.

how to protect yourself.

follow these tips and use suss. to verify anything suspicious.

Never click links in emails — go directly to the website by typing the URL.

Check the sender's actual email address, not just the display name.

Hover over links before clicking to see the real destination.

Enable two-factor authentication on all important accounts.

Be skeptical of any email creating urgency or fear.

Report phishing emails to the company being impersonated and to reportphishing@apwg.org.

See live phishing & email scams activity

Real-time detection stats on the Fraud Pulse tracker

think you've seen a phishing & email scam?.

paste the message, email, or link into suss. for an instant AI-powered analysis. free, no signup needed.

suss it out Community Reports

related scam types

Social Engineering Scams Impersonation Scams Marketplace & Shopping Scams