Fake email addresses, real danger: how to spot lookalike domain scams
That email from your bank might not be from your bank. Learn how scammers create near-identical email addresses to steal your personal information—and how to catch them every time.
This guide from the Federal Trade Commission (FTC) — the U.S. government's consumer protection agency — explains how phishing scams work and how to protect yourself. It focuses specifically on how scammers make their emails look like they're from companies you trust, including using lookalike email domains (e.g., paypa1.com instead of paypal.com, or chase-secure.com instead of chase.com). The guide walks through the warning signs, what never to click, and how to report suspicious emails if you receive one.
Key Takeaways
- Scammers create email addresses with tiny, hard-to-spot differences — like swapping a letter for a number (paypa1.com), adding a word (chase-secure.com), or using a different ending (amazon.coinstead ofamazon.com) — to make their emails look legitimate at a glance.
- Before clicking any link in an email, hover your mouse over it first to reveal the real destination URL — this one habit can stop most phishing attacks in their tracks.
- Legitimate companies — including banks, government agencies, and utilities — will never email or text you asking you to click a link to update your payment information or confirm sensitive personal details.
- If something feels off, go directly to the company's website using a bookmark or by typing the address yourself — never use the link provided in a suspicious email.
If you already clicked a suspicious link: Update your security software immediately and run a scan. If you entered any personal or financial information, visit IdentityTheft.gov to get a personalized recovery plan. Report the incident to the FTC at ReportFraud.ftc.gov.