How can I tell if my email has been hacked?

Use Have I Been Pwned or Clairmo to check if your address appears in a known data breach. If it has, change your password immediately.

Phishing is a scam that impersonates a trusted organization to steal personal data. Smishing uses SMS, vishing uses phone calls.

Complete Guide

How to Verify an Email — The Complete Anti-Phishing Guide

Phishing is the #1 cyber threat in 2026. Learn how to verify an email's authenticity, detect suspicious links, and protect your personal data.

Check a phone number Email scam alerts

1. Check the sender

The first step is to examine the full email address, not just the display name. Scammers use slightly modified addresses:

support@amazon.com → legitimate

support@am4zon.com → scam

no-reply@apple.com → legitimate

no-reply@apple-support.com → scam

To see the full address in Gmail, click the arrow next to the sender name. In Outlook, double-click the email to open the full window.

2. Check links without clicking

On desktop, hover your mouse over the link without clicking. The real URL appears at the bottom of the browser. On mobile, long-press the link to see a preview.

Examples of suspicious links

https://amazon-security-verify.com (fake domain)
https://amazon.com.login-verification.net (misleading subdomain)
https://bit.ly/3xxXXX (shortener hiding the real URL)
https://192.168.1.1 (IP address instead of a domain)

3. Check attachments

Attachments are a major malware vector. Be wary of:

.exe, .zip, .js, .scr files (any Windows executable)

Office documents with enabled macros (.docm, .xlsm)

PDFs asking to enable advanced features

Unexpected attachments even from known contacts

4. Check if your email was leaked

Free services let you know if your email address was compromised in a data breach:

Have I Been Pwned

The largest breach database. Enter your email to see if it has been compromised.

Clairmo

Verify your email and discover public profiles, leaks, and associated DNS configurations.

5. The 5 most common email scams

1. Fake delivery

You receive an email or SMS announcing a package awaiting delivery. A fraudulent link steals your bank details under the guise of delivery fees.

2. Bank phishing

An email pretending to be your bank alerts you to a suspicious transaction. The link leads to a phishing site that perfectly copies your bank's interface.

3. Subscription renewal

Netflix, Amazon Prime, Spotify: your subscription is about to expire. Click to update your details. The link leads to a fraudulent site.

4. Fake invoice

You receive an invoice for a purchase you did not make. The attachment contains ransomware.

5. Spear phishing

Ultra-personalized email using your real information (name, company, colleagues) obtained from LinkedIn or a data breach.

6. Free verification tools

Header analysis

Analyze full email headers to verify the sending server and detect spoofing.

DNS check

Verify SPF, DMARC, and DKIM records of the sender domain.

Link analysis

Check a URL's reputation before clicking with VirusTotal or URLVoid.

Fraudulent emails — Frequently asked questions

Check the sender's full email address, hover over links without clicking, watch for spelling errors, and be wary of urgent requests. Never share banking details or codes by email.

Verify an email now

Clairmo analyzes DNS validity, data breaches, and public profiles associated with any email address.

Check a phone number