Skip to content

SCAM LIBRARY · PHISHING & LINKS

The 'verify your account' email

A message warns your account is locked and tells you to click a link to verify.

Hand-authored (ScamVet), reviewed · reviewed 2026-07-06

How it works

Posing as your bank, Amazon, Apple, or Microsoft, the message claims suspicious activity and tells you to log in via a link to fix it. The link goes to a convincing fake page that steals your password.

How it unfolds

Scams like this follow a pattern. Knowing the arc helps you notice where you are — and step away before the ask.

You receive an email that looks like it's from a company you use—your bank, email provider, or online retailer. The subject line says something like 'Verify Your Account' or 'Urgent: Confirm Your Identity.' It feels official and uses the company's logo.
The email says there's a problem—suspicious activity, an expired password, or a security issue—and asks you to click a link or button to 'verify,' 'confirm,' or 'update' your information right away. The tone is calm but urgent.
You click the link and land on a page that looks nearly identical to the real company's site. You're asked to enter your username, password, or other personal details to 'restore access' or 'complete verification.'
The moment to stop: Before you enter anything, pause. Real companies rarely ask you to verify sensitive information by clicking an email link. If you're unsure, close the email, go directly to the company's official website (type the address yourself), and log in to check your account. If there's a real issue, you'll see it there—not in an email.

Red flags

  • Urgent warnings that your account is locked or compromised.
  • A generic greeting like 'Dear customer'.
  • A login link instead of asking you to visit the site yourself.

What to do

  • Don't click. Open the app or type the website address yourself.
  • Turn on two-factor authentication where you can.
  • If you entered a password, change it immediately and report it at reportfraud.ftc.gov.

If it already happened

Acting quickly can limit the damage. You are not alone, and it is not your fault.

  • Do not reply to the email or click any more links in it. If you entered your password or username, change your password immediately on the real company's official website using a secure device.
  • If you entered credit card, bank account, or Social Security information, contact your bank or card issuer right away by phone (use the number on your card or statement—not any number in the email). Let them know what happened and ask them to watch your account for fraud.
  • Keep a record of the suspicious email (take a screenshot or save it) and note what information you entered and when. Do not delete the email yet.
  • Report the phishing email to the Federal Trade Commission at reportfraud.ftc.gov. Include the sender's email address, the link you clicked (if you remember it), and what information you may have shared.

Sources

Guidance on this page draws on public, authoritative consumer-protection resources (verified live 2026-07-10). Hand-authored (ScamVet), reviewed · reviewed 2026-07-06.

Spotted this or lost money? Report it at reportfraud.ftc.gov. This is general educational information, not legal or financial advice — and ScamVet never asks for your identity or account details.