KeepUp Academy
Online Safety Basics · Lesson 3

How to Check a Suspicious Email

Learn what to check before clicking links or opening attachments in an email.

Older adult carefully checking an email on a laptop.
3Lesson
15Minutes
4+Examples
1Practice
Member Lesson

Start with the goal.

Learn what to check before clicking links or opening attachments in an email.

Designed for real life: Read slowly, use the examples, and practice with one real message or account when you are ready. You do not need to memorize every term.

Learning objectives

Objective

Check sender identity beyond the display name.

Objective

Recognize attachment and invoice warning signs.

Objective

Use direct login instead of email links when something feels suspicious.

Email can look official and still be fake

Scam emails may use logos, clean formatting, official-looking buttons, and familiar company names. The safer habit is to inspect the sender, avoid unexpected attachments, and verify by opening the official website or app directly.

Real-world examples

Fake invoice

From: Accounts Team
Subject: Your invoice is attached
Please open the attached invoice and confirm payment today.

Safer move: Do not open unexpected attachments.

Mailbox warning

From: Email Admin
Subject: Your mailbox is full
Your email account will stop receiving messages unless you sign in now.

Safer move: Open your email provider directly.

Subscription payment

From: Streaming Billing
Subject: Subscription renewal failed
Update your payment method within 24 hours to keep watching.

Safer move: Open the app or official website directly.

Refund email

From: Customer Support
Subject: Refund approved
Click here to claim your refund before it expires.

Safer move: Verify through the official account page.

Practice scenarios

Linda and the invoice

Linda receives an invoice from a company she does not recognize. She worries she forgot a bill.

Safer move: She does not open the attachment. She searches separately or asks a trusted person.

Harold and email storage

Harold receives a warning that his mailbox is full and he must sign in now.

Safer move: He opens his email provider directly instead of using the link.

Diane and the refund

Diane receives an unexpected refund email with a button.

Safer move: She does not click. She checks the official account or statement.

Risky vs. safer choice

Risky reaction

React inside the message because it feels urgent, official, or emotional.

Safer reaction

Pause, leave the message, and verify through an official app, website, statement, card, or known phone number.

Practice activity

Check the sender’s full email address.
Look for urgent payment or password language.
Avoid unexpected attachments.
Open the official app or site directly.
Key takeaway: An email can look polished and still be fake. Verify outside the email.

Sources used to build this lesson

Course progress

Keep your place in the course

0% completeCurrent lesson: Lesson 3
Immersive practice

Practice scenario: overdue invoice email

The email creates pressure with a fee and asks you to open an attachment. Before opening anything, confirm the sender and verify through a trusted channel.

Check the sender address carefully.
Do not open unexpected attachments.
Contact the company using a known number.
Report or delete the email if it is suspicious.
Back to Dashboard
Illustration of a suspicious invoice email on a laptop and phone
Practice: suspicious email check
Immersive practice

Practice: suspicious email check

Review sender name, attachment pressure, invoice language, and whether the email asks you to bypass normal steps.

  • Pause and name the pressure.
  • Do not click links inside the message.
  • Verify through the official app, website, or known phone number.

Back to Dashboard