A free guide to spotting fake shopping confirmation emails, package delivery scams, and impersonator phishing in 2026 — built for everyone with an inbox.
Phishing emails usually have these tells:
Bottom line: When in doubt, open the official app directly instead of clicking email links. This single habit prevents 90%+ of phishing damage.
Phishing emails are the most common way scammers steal credentials and money. Even tech-savvy people fall for them — the best phishing now uses AI-generated copy, perfect logos, and personalized details from data breaches. In 2024, email was the most common way consumers reported being contacted by scammers, with billions in losses tied to phishing campaigns.
The good news: nearly every phishing email has tells. Once you know what to look for, you'll spot them in seconds. This guide gives you 9 specific signs to check before clicking anything in your inbox.
These are the specific patterns scammers use. If you spot 2 or more, walk away.
These actual scam patterns are happening right now — knowing them helps you spot them.
Subject: 'URGENT: Confirm your recent Amazon order #847291.' Sender: 'orders@amazon-verify.co' (not @amazon.com). Body: 'Your order requires verification. Click here to confirm or your account will be suspended.' All 9 red flags present. The real Amazon never sends 'verification required or account suspended' emails.
Subject: 'UPS Delivery Failed — Reschedule Now.' Sender: 'no-reply@ups-deliverysystem.net' (not @ups.com). The body asks the recipient to pay a $2.99 'reschedule fee' via an included form. UPS, FedEx, and USPS never charge fees to reschedule delivery. They never request payment info via email.
Subject: 'Audible: Payment failed — update card.' Sender: 'billing@audible-account.com' (not @audible.com). Links to 'audible-secure-login.com' (not audible.com). Captures real Audible credentials when victims try to 'fix' their account. If concerned about a subscription, open the official Audible app directly — never click email links.
Subject: 'IRS: You qualify for a $1,247 refund.' Sender: 'refunds@irs-treasury.gov' (real IRS is @irs.gov). Asks for SSN, bank info, and DOB to 'process' refund. The IRS never initiates contact via email. They only send physical mail. Any tax-related email is phishing.
Now you know what to watch for. But scammers evolve every day — new lookalike sites, new phishing tactics, new manipulation techniques. You shouldn't have to remember every red flag every time you shop. That's what Nudge is for.
We built Nudge to be the permanent layer of protection between you and these scams. Real-time trust scores on every site you visit. Automatic warnings when something looks off. No subscription. No account. No data collection. The people most vulnerable to online scams — older adults, lower-income shoppers, first-time buyers — are exactly the people who can least afford expensive security tools. Protection should be a right, not a luxury.
Run through these 9 checks before clicking any link in any email — especially emails about orders, deliveries, or account problems.
Real Amazon emails come from @amazon.com. Fake ones: @amaz0n.com (zero instead of o), @amazon-support.com (extra word), @amazon.co (missing the final m), @support-amazon.shop (different TLD). Hover over the sender name to see the full email address. One wrong character = phishing.
'Your account will be deleted in 24 hours.' 'Suspicious activity — verify now.' 'Your order is canceled unless you confirm.' Real companies don't threaten you. They send polite, non-urgent notifications. Urgency is designed to bypass your skeptical thinking — recognize it as a scam signal.
Real merchants use your name: 'Hi John,' 'Hello Sarah.' Phishing emails use generic greetings: 'Dear Customer,' 'Dear User,' 'Dear Account Holder.' Why? Because scammers send millions of emails without knowing recipient names. (Note: some phishing now includes real names from data breaches — this isn't a foolproof check.)
Before clicking any link, hover your mouse over it (on desktop) or long-press (on mobile). The actual URL appears. Compare to the displayed text. Real Amazon link: amazon.com/orders. Fake: amazon-verify-account.com or bit.ly/2j3kx (link shorteners hide real destination). Mismatched hover URLs = phishing.
Real companies have copy editors. Phishing emails often have typos, awkward phrasing, missing punctuation, or odd capitalization. 'You're account need verification immediately' is not how Amazon writes. Note: AI is making this check less reliable, but it still catches many phishing attempts.
Real shopping emails rarely include attachments. If an 'order confirmation' has an attachment named 'invoice.pdf' or 'tracking.zip', don't open it. It could be malware. Real order info appears in the email body, not in attachments.
No legitimate company asks for: passwords (they never need yours), full credit card numbers in email replies, Social Security Numbers, or login codes. If an email asks for any of this — even framed as 'verification' — it's phishing. Real companies have you log into the official site/app to confirm.
Phishing emails often use slightly-wrong logos, outdated branding, or low-quality images. Real Amazon, Walmart, USPS, FedEx have consistent, professional design. If the email looks 'off' compared to other real emails from the same brand — it's likely phishing.
Look at the 'Reply-To' field, not just the 'From' field. Sometimes phishing emails have a real-looking From but a fake Reply-To (so your reply goes to the scammer). On desktop email clients, this is visible. On mobile, tap the sender details to see all addresses involved.
If you clicked a phishing link or entered information:
All the tools below are free. Use multiple for the strongest protection.
Paste URLs at transparencyreport.google.com to check whether they are known to be bad.
Check if your email/password has been leaked in data breaches.
Scan for malware if you clicked a suspicious attachment.
Generate unique passwords for every account.
Free 2FA apps — much safer than SMS-based 2FA.
Warns you when clicking links to suspicious sites — no signup, no data.
Deeper dives on specific brands and categories.
Nudge shows you a trust score on every site you visit, automatically. No more remembering every red flag. Free Chrome & Firefox extension — protection that shouldn't be behind a paywall.