Recognising Scam Emails — SCARS Institute

Would You Spot These Emails?

Email remains the most common delivery mechanism for scams, fraud, and malware. This training takes you through six realistic scam emails — each one representing a different deception technique used by criminals every day. You will see the email exactly as it would appear in your inbox, uncover what is actually happening, and test whether you would have spotted it in real time.
  • 8 Email Types: From basic phishing to advanced display name spoofing
  • 19+ Techniques: Every deception move named and explained
  • 8 Questions: Test your real-time detection ability
Important: This training shows you what dangerous emails look like so you can recognise and avoid them. You will see realistic examples of fake sender addresses, spoofed domains, malware delivery language, and sextortion threats. Nothing in this training requires you to click anything real — the links and addresses shown are fictional examples for educational purposes only.

The six emails in this training cover: basic credential phishing, authority impersonation, your own email address used as the sender, malware delivery via attachment, spear phishing using your personal information, and lookalike domain spoofing.


The 14 Techniques Used in These Emails

Your Email Safety Checklist — Before You Click, Reply, or Open Anything

  • Hover over the sender address — does the actual domain match the organisation it claims to be from?
  • Is the email creating urgency, fear, or a deadline? Legitimate organisations rarely demand immediate action by email.
  • Does the link in the email go to the organisation's actual domain — or something slightly different?
  • Were you expecting this email? Unsolicited attachments from any sender are a significant risk.
  • Does the email address you by name, or with a generic greeting like "Dear Customer" or "Dear User"?
  • If the email claims to be from someone you know, do the tone and context match how that person normally communicates?
  • Before clicking any link, go directly to the organisation's website by typing the address yourself.
  • If an email claims to have compromising material about you, it almost certainly does not — this is a standard mass-sent threat.
  • Your own email address appearing in the From field does not mean your account was hacked — it means the sender field was forged.
  • If in doubt, call the organisation directly using a number from their official website — not a number in the email.
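
For readers who triage reported messages, the sender-domain, forged-From, link-domain, attachment and greeting checks from the checklist above can be automated. This is an added Python example, not SCARS Institute code; the names `triage` and `domain_matches`, the finding labels and every address and domain in the sample are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear customer", "dear user")  # the two greetings the checklist names

def domain_matches(host, expected):
    """True only for the expected domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def triage(raw, expected_domain):
    """Return checklist findings for a raw message claiming to come from expected_domain."""
    msg = message_from_string(raw)
    findings = []
    _, sender = parseaddr(msg.get("From", ""))
    if not domain_matches(sender.rpartition("@")[2], expected_domain):
        findings.append("sender-domain-mismatch")
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    if sender and sender.lower() in recipients:
        findings.append("from-equals-to")  # forged From, not proof of a hacked account
    body = ""
    for part in msg.walk():
        if part.get_filename():
            findings.append("attachment:" + part.get_filename())
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not domain_matches(host, expected_domain):
            findings.append("link-domain-mismatch:" + str(host))
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        findings.append("generic-greeting")
    return findings

# Constructed sample message; every address and domain is fictional.
SAMPLE = """\
From: "Example Bank" <security@examp1ebank.example>
To: reader@mail.example
Subject: Urgent: verify your account

Dear Customer,
Verify now: https://examplebank.example.verify-login.test/login
Help pages: https://www.examplebank.example/help
"""

if __name__ == "__main__":
    print(triage(SAMPLE, "examplebank.example"))
```

The subdomain test is the detail that matters: a host such as `examplebank.example.verify-login.test` begins with the real name but belongs to a different domain, while `www.examplebank.example` passes.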

Why Email Scams Still Work

Despite widespread awareness, email scams remain highly effective because the techniques have evolved significantly. Modern phishing emails are often visually indistinguishable from legitimate communications. Spear phishing uses real personal information. Spoofed sender addresses look identical to real ones at a glance. AI is now being used to generate personalised, grammatically perfect phishing emails at scale — removing the spelling errors and awkward phrasing that used to be a reliable warning sign.

The most important shift in your protection strategy is this: never evaluate an email based on how it looks. Evaluate it based on what it is asking you to do, who it is asking you to trust, and whether you initiated the communication. Legitimate organisations do not email you urgently asking for credentials, payments, or personal information.

Report phishing emails: Forward to reportphishing@apwg.org  ·  reportfraud.ftc.gov  ·  ScamPsychology.org
