How to Spot Spam Emails and Scam Texts - 5 Checkpoints to Avoid Being Tricked

About 11 min read

Your phone buzzes with a message: "Your account has been suspended. Click here immediately." Your heart races - but wait. That message is almost certainly a scam. Spam emails and fraudulent SMS messages are everywhere today, and they are getting harder to spot. This guide explains how these scams work, shows you real examples of common tricks, and gives you a simple checklist to protect yourself. Even if you have already tapped a suspicious link, there are steps you can take right away. Whether you are new to smartphones or just want to stay safe online, this article will help you recognize phishing attempts and avoid falling for them.

What Are Spam Emails and Scam SMS Messages?

The "Fishing" Analogy - Phishing Means Fishing, and the Bait Is Fear or Greed

The word "phishing" comes from "fishing." In fishing, you put bait on a hook that fish will bite. Phishing scams work exactly the same way. The "bait" scammers use is your fear or excitement. They make you panic by saying "Your account will be suspended" or get you excited with "You won 1 million yen." When you cannot think clearly, they lead you to a fake website and trick you into entering your password or credit card number. This is a type of attack called social engineering, which exploits human psychology.

Spam and scam messages reach you through every messaging channel - email, SMS (text messages), LINE, social media DMs, and more. Recently, SMS-based scams have been increasing rapidly and are called "smishing." SMS is particularly tricky because it only requires a phone number to send, so attackers do not need to know your email address. On top of that, SMS has a higher open rate than email, making it an efficient tool for scammers. For more on defending against these psychological manipulation tactics, see our article on social engineering defense.

Common Scam Message Patterns

Real Examples - Watch Out for These Messages

Scam messages follow several common patterns. Just knowing these patterns significantly reduces your chances of being tricked. Here are the four most common ones.

The first is the "account suspension" type. Messages like "Unauthorized access was detected on your account" or "Your account will be suspended if you do not verify within 24 hours" pretend to be from well-known companies like Amazon, Rakuten, Apple, or banks. If you panic and tap the link, you are taken to a fake site that looks just like the real one, and your login information is stolen. Real companies almost never ask you to "enter your password right now" via email or SMS. For a detailed guide on spotting these tactics, see our article on how to protect yourself from phishing.

The second is the "missed delivery" type. You receive an SMS saying "We attempted to deliver your package but you were not home. Click here to reschedule." People who frequently order deliveries are especially vulnerable to this pattern. Real delivery companies leave a notice in your mailbox - they rarely send links via SMS. Always check whether the URL leads to the delivery company's official domain.

The third is the "prize winner" type. Messages like "Congratulations! You won an iPhone" or "Answer a survey and get a 50,000 yen gift card." If you think about it calmly, you cannot win a contest you never entered. Whenever you see words like "free," "winner," or "gift," suspect a scam first.

The fourth is the "family impersonation" type. Messages like "Mom, my phone broke and my number changed. Contact me at this number" or "Help me, I need money" pretend to be from family or friends. Because they appeal to your emotions, you tend to believe them. If you receive a message like this, the safest thing to do is call the original number and verify directly with the person.

Five Checkpoints to Avoid Being Tricked

Just Remember These

When you receive a suspicious message, just checking these five things will help you catch almost every scam.

1. Check the sender. Look carefully at the email address or phone number. If an email claims to be from Amazon but the sender is something like "amazon-security@xyz123.com" with an unfamiliar domain, it is fake. Legitimate companies send emails from their own domain (e.g., @amazon.co.jp). For SMS, be suspicious of any "official notice" from an unknown number.
2. Be wary of "urgent" and "immediately." Most scam messages try to rush you. Phrases like "Your account will be deleted if you do not respond within 24 hours" or "Complete the procedure today" use time pressure to prevent clear thinking. Real companies do not delete accounts based on a single email.
3. Check the URL. Before tapping a link, look at the URL carefully. Instead of "amazon.co.jp," it might use a subtly different domain like "amaz0n-login.com." This technique is called typosquatting, which uses fake domains that look similar to real ones to trick people. On smartphones, URLs are often truncated, so make a habit of long-pressing links to see the full URL.
4. Be suspicious of requests for personal information. If you are asked for your password, credit card number, PIN, or personal identification number via email or SMS, it is a scam. Banks and credit card companies never ask for this information by email. Do not believe it even if they say it is "for identity verification." It is also important to strengthen the security of your email account itself. For details, see our guide on how to protect your email account.
5. Go directly to the official website. Instead of tapping links in messages, access the official site directly through your browser bookmarks or a search engine. If there really is a problem with your account, you will see a notification when you log in to the official site. This habit of "going to the official site yourself instead of clicking links" is the most effective defense against phishing.

What to Do If You Tapped a Suspicious Link

Stay Calm and Take These Steps

When you realize "Oh no, I tapped the link!" the most important thing is to stay calm. If you only opened the link and have not entered any information yet, there is a good chance no damage has been done. However, if you entered your password or credit card information on a fake site, you need to act immediately.

First, log in to the service where you entered your password right now and change it. If you used the same password on other services, change all of those too. Next, talk to your parents or guardians. If you stay quiet because you are afraid of getting in trouble, the damage could spread. The sooner you ask for help, the more options you have. Also, save screenshots of the fake site and the message you received. These will serve as evidence if you later consult the police or a consumer center. If you entered credit card information, call the card company immediately and ask them to freeze the card. You can reach them at the phone number on the back of your card.

What You Can Do Right Now

1. Turn on your phone's spam filter. On iPhone, go to Settings, Messages, then Filter Unknown Senders. On Android, turn on spam protection in the Messages app
2. Bookmark the official sites of services you use often (Amazon, Google, banks, etc.). Build the habit of accessing them from bookmarks instead of message links
3. Share information with your family when you receive scam messages. Especially for family members who are not used to smartphones, teach them the five checkpoints from this article
4. Generate strong passwords with Passtsuku.com and set a different password for each service. Even if one password leaks through phishing, you can prevent damage to other services

To learn more about protecting yourself online, guides on internet scam prevention (Amazon) are a helpful resource.

Frequently Asked Questions

Is it dangerous just to open a link?

In most cases, if you only opened a link and did not enter any information, there is no major damage. However, on older phones or devices that have not been updated, there is a small chance of getting infected just by opening a site. If you are worried, clear your browser history and cache, and scan with a security app. If you did not enter anything, there is no need to worry too much, but build the habit of not opening suspicious links in the future.

Are all SMS messages from unknown numbers scams?

Not all of them are scams. Legitimate SMS messages from unknown numbers can include hospital appointment confirmations, delivery notifications, and verification codes. However, be cautious of SMS messages that try to get you to tap links or ask for personal information. If you are unsure, ignore the link in the message and check directly through the official website or app.

Is there a way to stop spam emails?

It is difficult to eliminate them completely, but there are ways to reduce them. First, enable your email service's spam filter. Gmail automatically sorts them for you. Next, never reply to suspicious emails. Replying lets them know your address is active, which leads to more spam. Also, avoid registering your email on untrustworthy sites. For SMS spam, use your phone's setting to filter unknown senders.