When Should You Check an Email?
If you're asking the question, you already know the answer.
Forward it. Get your verdict in 60 seconds.
The Short Answer
Any time you pause and think "Is this real?" - that's when.
Your gut is smarter than you think. If something feels off, check it before you click anything.
Common Scenarios
Invoices and Payment Requests
"Is this invoice actually from my vendor?"
You've paid this vendor a dozen times. Same format. Same logo. But something's different this time. Maybe the bank account. Maybe the urgency. Maybe you just can't put your finger on it.
Business Email Compromise (BEC) attacks cost businesses $2.7 billion last year. Criminals study your vendor relationships for weeks before striking.
Forward it. Know in 60 seconds.
Bank and Financial Alerts
"Is my bank really asking me to verify my account?"
The email looks official. Your bank's logo. Professional formatting. A link to "secure your account" or "verify suspicious activity."
Real banks rarely ask you to click email links. But the fake ones look exactly like the real ones.
Forward it. Know in 60 seconds.
Package Delivery Notifications
"Did I actually order something?"
FedEx. UPS. Amazon. USPS. DHL. "Your package couldn't be delivered." "Update your delivery preferences." "Track your shipment."
During holiday seasons, these spike 400%. Criminals know you're expecting packages. They count on you clicking without thinking.
Forward it. Know in 60 seconds.
Password Reset Requests
"I didn't request a password reset..."
Microsoft. Google. Apple. Your company systems. If you didn't request it, someone else might be trying to access your accounts.
Or it's a fake designed to steal your credentials when you "reset" on their lookalike site.
Forward it. Know in 60 seconds.
Executive and Coworker Requests
"Did my CEO really send this?"
"I need you to buy gift cards for a client meeting." "Can you wire this payment while I'm traveling?" "Send me the employee W-2 forms ASAP."
CEO fraud is devastatingly effective. The email comes from what looks like your boss's address. The request seems urgent but plausible.
Forward it. Know in 60 seconds.
Vendor Account Updates
"Our banking information has changed..."
You get an email from a vendor you work with regularly. They're updating their payment details. New bank account. Please update your records.
Except it's not really from them. Criminals compromised their email - or created a lookalike domain - and they've been studying your payment patterns for weeks.
Forward it. Know in 60 seconds.
Tech Support Alerts
"Your Microsoft 365 license is expiring."
"Unusual sign-in activity detected." "Your storage is almost full." These create urgency. You rely on these services.
The fear of losing access makes you click quickly. That's exactly what they're counting on.
Forward it. Know in 60 seconds.
Subscription and Renewal Notices
"Your subscription will be charged $499.99"
Netflix. Amazon Prime. Antivirus software. Services you may or may not actually have.
The goal: make you panic and call the "support number" or click the "cancel" link. Both lead to criminals.
Forward it. Know in 60 seconds.
HR and Payroll Communications
"Please update your direct deposit information."
"Your benefits enrollment requires action." "Review and sign your updated employment agreement."
These target employees, especially during open enrollment or tax season. One click and they have your banking details or social security number.
Forward it. Know in 60 seconds.
Tax and Government Notices
"The IRS has identified a problem with your return."
"You have an outstanding tax balance." "Your tax refund is ready for deposit."
The IRS doesn't email you. Neither does the Social Security Administration. If they need to reach you, it's by mail. But the scams look convincing.
Forward it. Know in 60 seconds.
Social Media Alerts
"Someone tried to log into your Facebook account."
"Your Instagram has been flagged for review." "Verify your LinkedIn profile to avoid suspension."
Account takeover starts with a convincing email. Click the link, enter your password on the fake site, and they're in.
Forward it. Know in 60 seconds.
Prize and Lottery Notifications
"Congratulations! You've won..."
You didn't enter a contest. You didn't win anything. But the email promises riches if you just click here or provide your information.
These seem obvious. But the sophisticated versions impersonate real companies with real promotions.
Forward it. Know in 60 seconds.
Notice the Pattern?
Every one of these scenarios creates:
- Urgency - act now or lose something
- Authority - from someone important
- Fear - something bad will happen
- Opportunity - something good awaits
That's not coincidence. That's social engineering. Criminals have studied human psychology. They know what makes people click without thinking.
The defense? Forward the email. Get your verdict in 60 seconds. Then decide.
Real Examples (Anonymized)
See what Phish Check catches that humans miss
The Invoice That Almost Cost $47,000
A 3-person accounting firm received an invoice from their largest client. Same format. Same language. Same everything. Except the bank account was different.
The bookkeeper had processed dozens of payments to this client. She was experienced. Careful. But it was month-end, she was busy, and the email looked exactly right.
- Domain registered 5 days prior
- Sender IP in different country than client
- SPF authentication failed
- Link destination didn't match display text
She forwarded it to Craig instead. $47,000 saved.
The "Microsoft" Security Alert
A business owner received an urgent alert: "Unusual sign-in activity on your Microsoft account." The email had Microsoft's logo. Professional formatting. A button to "Review recent activity."
Phish Check verdict in 47 seconds:
- Sending domain: micros0ft-security.com (zero, not 'o')
- Domain age: 72 hours
- 12 security vendors flagged as phishing
- Link redirects through 3 servers before landing page
- Landing page harvests credentials
PHISHING. Delete immediately.
The Vendor Payment Update
"Please update our banking information for future invoices." The email appeared to come from a vendor's actual email address. Same signature. Referenced real invoice numbers.
Phish Check found what the recipient couldn't see:
- Email headers showed different origin server
- Reply-to address was different from display address
- Domain authentication (DMARC) failed
- Similar emails reported by 23 other businesses that week
PHISHING. The vendor's email had been compromised.
When NOT to Use Phish Check
Save your verdicts for emails that matter
You probably don't need to check:
- Emails from people you personally know (call them if unsure)
- Newsletters you actually subscribed to
- Receipts for purchases you just made
- Calendar invites from colleagues
You should definitely check:
- Any request for money, payments, or banking changes
- Any request for passwords or sensitive information
- Anything with unusual urgency
- Anything that "feels off" even if you can't explain why