Inbox defense

Check email for scam with ScamScan's phishing email checker

Paste or review suspicious email details before clicking a link, opening an attachment, paying an invoice, trusting an offer letter, updating KYC, or replying to a sender that looks official. ScamScan helps you compare the sender domain, links, attachments and pressure script before you verify through official routes.

Scan an emailBack to all tools
Best for phishing emails

Reset alerts, fake invoices, login bait, and sender-pressure patterns fit this route.

Phishing Email Checker

Check sender, attachment, link and request context together

Built for fake sender domains, invoice emails, offer letter emails, attachment scams, KYC emails and login alerts.

Sender-domain checklist

Do not trust the display name alone

  • Full address: compare the visible name, exact email address and domain after the @ sign.
  • Reply-to: check whether replies go to a different free mailbox, vendor alias or personal domain.
  • Lookalike domain: watch for extra words, hyphens, swapped letters, numbers, and brand names before an unrelated domain.
  • Official source: open the real bank, employer, courier, marketplace or provider site yourself and compare support or HR details.
  • Context match: ask whether you expected this invoice, KYC request, job letter, refund, login alert or document.
High-intent use cases

Where this page is strongest

Use it when the email mentions bank KYC, mailbox storage, password reset, courier fee, refund, vendor bank change, tax notice, fake invoice, offer letter, HR onboarding or document verification.

Scan an email Attachment guide
Attachment and link risk matrix

Match the email action to the risk signal

Email itemRisk signalSafer action
Invoice PDF or payment noticeNew bank account, QR, UPI ID, overdue pressure or vendor changeVerify with saved vendor contact or finance record before paying
Offer letter or HR fileRegistration fee, laptop fee, training fee, personal bank account or copied domainCheck company career page and HR domain outside the email
ZIP, EXE, HTML or macro documentAsks to enable content, extract password, install viewer or run a fileDo not open on your main device; verify sender and file purpose first
Login or KYC linkOTP, password, Aadhaar, PAN, CVV, UPI PIN or mailbox login requestOpen the official app or typed domain yourself
Short link or buttonFinal domain hidden behind a button, QR or shortened URLUse the URL scanner and compare the final domain before visiting
Official next steps

If the email looks risky, move outside the inbox

  • Do not reply, click, open files, approve sign-in prompts, share OTP, or pay while the email is pressuring you.
  • Open the bank, employer, courier, marketplace, email provider, or government service through the official app or typed domain yourself.
  • For invoice, refund, job, vendor or KYC requests, verify by a saved phone number, branch, official ticket, HR portal or vendor master record outside the email thread.
  • If money moved recently, contact your bank, card, wallet or payment provider quickly and use 1930 for active financial cyber fraud.
  • For a formal complaint trail, use cybercrime.gov.in with sender, header, link, attachment, payment and timeline proof.

Open the closest ScamScan route next

Proof pack

Save evidence before blocking, deleting or reporting

  1. Sender and header proof

    Save the full sender address, reply-to address, subject, date, time, message ID and exported headers if your email app allows it.

  2. Link and attachment proof

    Keep the visible button text, full link, final domain if safely inspected, attachment name, file type, password hint and any file prompt screenshots.

  3. Money or identity proof

    Record UPI ID, bank account, QR code, invoice number, HR contact, KYC form, amount, UTR/reference and any account or login warnings.

  4. Official follow-up trail

    Keep bank, card, wallet, employer, email provider, platform, 1930, cybercrime.gov.in, police or cyber cell ticket IDs in one timeline.

ScamScan cannot certify an email as safe. Treat the output as a decision aid before official verification.

FAQ

Phishing email checker questions

How do I check email for scam signs before clicking?

Check the full sender address, reply-to address, link destination, attachment type, payment demand, urgency, spelling mismatch, and whether the request matches a real order, job, account or KYC process.

Can a phishing email use a real company name or logo?

Yes. Display names, logos, signatures and templates can be copied. Trust the verified domain and official route, not only the name shown in the inbox.

What is a fake sender domain?

A fake sender domain is a lookalike or unrelated domain used to imitate a bank, company, courier, employer or government service. Extra words, hyphens, spelling changes and odd subdomains are common warning signs.

Should I open an invoice or offer letter attachment from email?

Only after verifying the sender and the reason for the file through an official route. Be extra careful with ZIP, EXE, HTML, macro document, password-protected archive, unknown PDF link, or files that ask you to enable content.

How do I check links inside a phishing email?

Do not sign in from the email link. Copy or inspect the destination carefully, compare the domain with the official site, and use the URL scanner route before opening anything risky.

What should I do with a KYC email asking for OTP, PAN, Aadhaar or bank details?

Do not share OTP, UPI PIN, CVV, passwords, Aadhaar OTP or document scans through an email link. Open the official app or typed website yourself and verify the request there.

What proof should I save before reporting a phishing email?

Save the sender address, reply-to address, subject, date and time, full headers if available, links, attachment names, screenshots, payment details, phone numbers, UPI IDs, and transaction references.

Is ScamScan an official email security or complaint portal?

No. ScamScan is not a government, police, bank, email provider or recovery service. It helps organize risk signals and next steps before you use official reporting and support routes.