Spot a Phishing Email Before You Click — 5 Red Flags I Check Every Time
My dad clicked a phishing email last year. It looked exactly like a PayPal receipt — logo, formatting, everything. He entered his password on what he thought was the PayPal login page. Within 20 minutes, someone had ordered a $600 laptop on his account.
He is not stupid. The email was just that good. But there were red flags he did not know to look for.
5 Things to Check Before You Click Anything
1. The Sender’s Actual Email Address
Do not just read the display name. Click or tap the sender name to expand the full email address. A real PayPal email comes from @paypal.com — not @paypal-security.net, not @paypal-billing.co, not @paypa1.com (with a number one instead of an L). Scammers register domain names that look almost identical.
2. Generic Greetings
Real companies you have accounts with use your name. “Dear Customer” or “Dear User” is a red flag — they are blasting this to millions of people and do not have your actual information.
3. Urgency That Makes No Sense
“Your account will be suspended in 24 hours!” “Unauthorized login detected — verify NOW!” Scammers want you to panic and act without thinking. A real company will send you a notification in the app, not just an email demanding immediate action.
4. Hover Over the Link (Do Not Click)
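On a computer, hover your mouse over any button or link (without clicking). The actual URL appears in the bottom-left corner. If it says something like “paypal.verify-account.net” instead of “paypal.com,” it is fake: the site's real domain is the part right before the final “.net” or “.com,” so that link goes to verify-account.net, and the “paypal” in front is just a label anyone can add. On a phone, long-press the link to preview the URL.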
5. Spelling and Grammar That Is Slightly Off
Scammers have gotten better at this, but you still see things like “We detect suspicious activity in you account” — a missing “r” in “your,” or awkward phrasing. A real company has editors and copywriters. Scammers have Google Translate.
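Checks 1 and 4 both come down to comparing a domain against the one you expect. As an added example (not part of the original post), this Python code applies that comparison to the lookalike domains mentioned above; the function names, the digit-swap table and the sample inputs are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "paypal.com"         # the genuine domain named in the post
BRAND = TRUSTED.split(".")[0]  # "paypal"
# Digit-for-letter swaps like "paypa1"; a small assumed table, not exhaustive.
LOOKALIKE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def host_of(value):
    """Lowercase host from a From: header, a bare address, or a URL."""
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = parseaddr(value)[1].rpartition("@")[2]  # ignores display name
    return host.lower().rstrip(".")


def classify(value):
    """Return 'trusted', 'lookalike-characters', 'brand-in-other-domain',
    'unrelated' or 'unparseable' for one sender or link."""
    host = host_of(value)
    if not host:
        return "unparseable"
    # Genuine only if the host IS the domain or ends with "." + domain.
    # A plain substring or endswith("paypal.com") test would pass fakes.
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    folded = host.translate(LOOKALIKE)
    if folded == TRUSTED or folded.endswith("." + TRUSTED):
        return "lookalike-characters"
    if BRAND in folded:
        return "brand-in-other-domain"
    return "unrelated"


if __name__ == "__main__":
    samples = [  # constructed inputs using the domains from the post
        "PayPal <service@paypal.com>",
        "PayPal <service@paypa1.com>",
        "PayPal Billing <alerts@paypal-billing.co>",
        "billing@paypal-security.net",
        "https://www.paypal.com/signin",
        "https://paypal.verify-account.net/login",
    ]
    for s in samples:
        print(f"{classify(s):24} {s}")
```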

What to Do If You Already Clicked
- Do not enter any information. If you landed on a fake login page and have not typed anything yet, close the tab immediately.
- If you entered your password, change it immediately. Go to the real website by typing the URL yourself (not clicking a link). Change your password. Enable two-factor authentication if you have not already.
- Check your account activity. Look for purchases or transfers you did not make. Report them immediately.
- Run a virus scan. Some phishing pages also install malware. Better safe than sorry.
My dad got his $600 back from PayPal — it took three weeks and several phone calls. Now he forwards me every suspicious email before clicking anything. I would rather he do that than lose another $600.
📋 Quick Summary: Check the full sender email address, watch for generic greetings and fake urgency, hover over links to preview URLs, and look for slightly-off grammar. If you clicked something you should not have, change your password immediately on the real site.