Security

Recognizing Phishing Emails: Common Templates Used by Scammers

Phishing emails try to trick you into clicking a link or sharing details. Here are patterns that show up again and again—and how to stay safe.

Phishing is when someone sends an email (or message) that looks like it’s from a company or person you trust, but it’s actually from a scammer. The goal is to get you to click a link (which may steal passwords or install malware) or to reply with personal or financial details. Job seekers and freelancers often get "job offer," "account verification," or "payment pending" phishing. Recognizing the template helps you stop before you click.

Template 1: "Verify Your Account"

"Your account will be suspended in 24 hours. Click here to verify." The link goes to a fake page that looks like your bank, Upwork, or PayPal. You enter your password and they steal it. Real companies don’t ask you to "verify" by clicking a link in an email and typing your password. If you’re unsure, open the real site in your browser (type the URL yourself or use a saved bookmark), then log in and check. Don’t use the link in the email.

Template 2: "You’ve Been Selected for a Job"

An email from "HR" or "recruitment" says you've been selected and must "complete registration" or "verify identity" by clicking a link or sending documents to an email address. Often the sender's address is not on the company's real domain (e.g. amazon-hr@gmail.com instead of @amazon.com). Real hiring uses official domains and career portals. Don't click, and don't send documents to the email address in the message. If you're interested, apply through the company's real career page.

Template 3: "Payment Pending" or "Invoice Due"

"Your payment is on hold. Click to confirm your bank details." Or "You have an invoice; pay here." The link leads to a fake payment or login page. Legit platforms show payment status when you log in on the real site. Never confirm bank details or pay by following an email link. Go to the real website and log in to check.

Check the sender: Hover over the "From" name to see the real email address. If it says "Upwork" but the address is random@gmail.com or a weird domain, it’s phishing. When in doubt, don’t click. Report the email and delete it.
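The sender check described above, written as a small Python script (an added example, not part of the original article). The brand-to-domain list and the sample From headers are constructed for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list (constructed for this example): brand keyword -> domains
# that brand really sends from. Build your own from verified sources.
BRAND_DOMAINS = {
    "upwork": {"upwork.com"},
    "paypal": {"paypal.com"},
    "amazon": {"amazon.com"},
}

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Return (verdict, reason) for a raw From: header value."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return ("suspicious", "no parsable sender address")
    # A brand can be claimed in the display name, the part before the @,
    # or inside a lookalike domain such as paypal.com.example.net.
    claimed = f"{display.lower()} {local} {domain}"
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not domain_matches(domain, allowed):
            return ("suspicious", f"claims {brand} but sent from {domain}")
    return ("no-mismatch", "address is consistent with any brand named")

# Constructed sample headers covering the cases the article mentions.
SAMPLES = [
    '"Upwork Support" <random@gmail.com>',
    "amazon-hr@gmail.com",
    "PayPal <service@paypal.com.example.net>",
    "Upwork <notifications@mail.upwork.com>",
    "Jane Doe <jane@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:45} -> {check_sender(header)}")
```

A "no-mismatch" verdict only means the visible address is consistent with the brand it names; the From header can itself be forged, so it does not prove the message is genuine.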

What to Do When You Get a Suspicious Email

  1. Don’t click links or open attachments.
  2. Don’t reply with personal or financial information.
  3. Check the real company site or app by typing the URL yourself—don’t use the link in the email.
  4. Mark as spam or report phishing in your email client. If it’s job-related, you can also report via our Report a Scam form.

Urgency is a red flag. "Act in 24 hours or your account will be closed" is a common trick. Real companies usually give you ways to verify (e.g. in-app notifications, support chat) without demanding immediate clicks from email.

Once you know these patterns, you’ll spot most phishing attempts. When in doubt, don’t click—go to the real site and check. That habit alone can save your accounts and your money.
