How to spot a fake email before you click

Last month, my mum got an email telling her that her Netflix payment had failed and that her account would be closed by the end of the day. It had the Netflix logo, the right colours, and even her name in the greeting. She almost clicked the link, and almost handed over her bank details.

The catch was that the email was not from Netflix at all. It was from a scammer who had bought her email address from a leaked database. Stories like this happen every minute, and the emails keep getting better.

Before you click anything in an email, run through four quick questions. One — look at the sender's full email address, not just the name shown at the top. A real Netflix email comes from a netflix address, while a scam will use a slightly different name, like a hyphen, an extra word, or a brand name buried inside a longer address.

Two — hover your mouse over any link without clicking, and look at the bottom of your screen, where the full web address will appear so you can see if it really belongs to the company you expect. Three — ask yourself whether the email is pushing you to act fast, because real banks, real shops, and real services almost never threaten to close your account by tomorrow morning. Four — if anything feels off, close the email and go to the company's website by typing the address yourself, because whatever the email claimed will be in your account if it is real.

It happens to careful people too — a moment of distraction is all it takes. If you typed your password into a fake page, change that password straight away on the real website. If you use the same password somewhere else, change it in those places too, because thieves try the same one across many sites within minutes.

Turn on two-step login for the account if you have not already — it asks for a code from your phone whenever someone tries to sign in. If you typed in card details, call your bank and ask them to cancel the card before anyone uses it. The faster you move, the less damage anyone can do with what they stole.

Catching every fake email by eye is hard, and you will have an off day eventually. Sorinify works in the background for those moments — when you do click a link, it checks the real destination before your browser opens the page. If the page is a fake bank, a fake Netflix, or any other scam our system has seen, you see a warning instead of the page.

Your password never gets typed, because the form never appears on your screen. You do not need to remember the 30-second check every time you open your inbox. Sorinify runs it for you, on every link, every time.