How to spot suspicious emails — and what to do next

June 22, 2022: An email from my bank, followed by the original warning message posted a couple of years ago starting “<old message, but still valid> It’s probably a scam”!

My bank message said:

Here’s info you should know about some recent scams we’ve seen.

1. Depositing Checks from Unknown Sources: Fraudsters may ask you to deposit a check into your personal account and promise you can keep a portion of the money. These checks are often counterfeit and may be returned or sourced from illegal activity – you could lose money or even become unknowingly involved in a crime.

2. Requests for Donations: During times of geopolitical events, fraudsters exponentially increase their efforts to take advantage of your interest to support specific causes. Funds or personal information provided to unverified charities could ultimately not reach their intended audience and could put your account information at risk. FTC.Gov‌  provides guidance to help donate wisely and ensure your contributions reach their intended targets.‌

3. Requests for Account Info: Fraudsters may pose as Citi or a Citi employee and ask for information that allows them to access your account – they may email, text, or call you.

4. Paying with Gift Cards: Scammers pretend to be someone they’re not to convince you to pay with a gift card. Legitimate companies or government agencies would not make this request.
Tips to help keep your accounts safe

  • If you receive a one-time passcode you didn’t request, don’t give the code to anyone who contacts you for it.
  • Never open or use a personal bank account to deposit or transfer funds for someone else.
  • Be wary of “get rich quick” or “easy money” schemes, especially if unsolicited.
    Use known links to access businesses online.
  • Verify any phone, text or email contacts are legitimate before sharing information such as your account number, security word, PIN, User ID or password.
  • Be leery of requests to download apps to fix issues or that allow access to your device.

<old message, but still valid> It’s probably a scam if you get a suspicious email. It addresses you by name, but the wording, which urges immediate action, is odd.

Here is specific, step-by-step guidance of what to do in the moment – even if you already replied or clicked

This may happen to you many times a week. Do you know what to do – and what not to do – with emails like this? Do you know what to tell your parents and kids and employees to do when they open these emails? 

How to spot a suspicious email

Some scam emails can be very convincing, with brand logos and official language. Remember to pause anytime an email urges you to take immediate action that could reveal private information. Look for these warning signs of a scam email:

  • The sender’s name is vague and the sender’s email address is long or convoluted
  • The email’s subject line is attention-grabbing or alarmist
  • The email urges immediate action of some kind
  • An offer of a major discount is dangled 
  • The email cites some pretense for seeking your personal information, including log-in information to a website.
  • The email urges you to click hyperlinked text without clarifying where you are clicking


“Many scams and phishing emails cite offers that are too good to be true,” says Alexej Savcin, an Avast malware analyst. “Or they try to trick users to quickly click on a link with language like ‘click to win’ or ‘see who’s watching you’.” 

Once you have identified the email as part of a scam:

  • Don’t click on any attachments, which can install harmful malware.
  • Don’t click on any links, especially if the email urges you to go to a website and provide any information. 
  • Do not reply to the suspicious email or use a phone number or other contact information in the email. 
  • Look closely at the sender’s email address and any web addresses in the email for deviations from the official name of the business or sender.
  • If you are using your work email account, contact the IT team. They may want you to forward them the email but ask first. 
  • If you are using personal email, and a message claims a business is urgently trying to reach you, you can call or reach out to the business by looking up contact information online or on an old bill. Do not use any contact information provided in the suspicious email. 
  • Your personal email platform may allow you to report phishing. On Gmail there is a drop-down menu next to the reply button with that option. 
  • You can also forward a phishing email to the U.S. Federal Trade Commission at and 
  • If you already replied to a suspicious email, clicked on an attachment or link, or provided personal information, tell your company’s IT team if you are at work or go to There you’ll see the specific steps to take based on the information that you lost.
  • Get two-factor authentication on your email program, and consider changing your email password and any other related passwords. 

It’s also worth noting that scams don’t just come in the forms of emails, and it’s important to keep your wits about you when you’re contacted in any form and asked for personal information or access to any of your devices. Scammers will try anything to get their hands on your data from phishing emails, smishing attempts, hacking, and even support fraud. We’d like to take this opportunity to remind you that at Avast, we will never call you and ask for remote access to your devices or for personal banking details.

For more information: