Email scams have existed since the inception of the email itself. We’ve all heard of the Nigerian prince who’s going to wire you one million dollars if you just make a small upfront payment of a few thousand. While falling for this scam would be ridiculous, millions of people lose their savings to email fraud every year.

That’s because criminals are advancing their tactics. Now you can get an email from your bank, telling you there’s been suspicious activity in your account. No request for money transfers — just confirm your account details to verify your identity. The message might even contain your personal information. How can you tell if it’s a spoofed phishing email or the real deal?

The basics: what is email spoofing and phishing?

Email address spoofing is one of the most common elements in online scams. In simplest terms, it’s when someone sends you an email pretending to be someone else. The sender uses a fake email address, so it looks like it’s coming from a bank, your workplace, or even yourself. This technique is commonly used to make phishing emails look more legitimate.

A phishing email is a social engineering attack to steal sensitive user data, such as credit card information, passwords, social security numbers, and more. Usually, a scammer will insert a malicious link that’ll lead you to a fake duplicate of a website you trust, prompting you to fill in your credentials. The link may also include malware that can infect your computer and steal sensitive information.

But how do spammers get your email address in the first place? A likely scenario is that your credentials may have been exposed in a data breach. You can check if any of your accounts have been compromised here.

Scammers can also use brute force — guessing possible email combinations at random. Databases with real people’s email addresses are also widely available online as a result of users subscribing to untrustworthy newsletters. Always check out the service and their terms before providing your address.

How to prevent email spoofing attacks?

Stopping email spoofing outright may be difficult since it’s not exactly a crime. It doesn’t necessarily have malicious intent — it can be your friends pranking you by pretending to be Beyonce with a spoofed email.

Luckily, many email providers are quite good at spotting scams, so most of them end up in the spam folder. But it’s inevitable that some slip through the cracks and reach your actual inbox. Here are a few things you can do to prevent email spoofing from doing any real damage:

Always check the sender’s address. It may look similar but contain some grammar mistakes. If so, it’s spoofed.

Contact the sender through a different channel. Call them, text them, or meet them in person before divulging any information.

Never click on any links in the email. If you’re asked to visit your bank account, do so by typing the address in the browser. If you absolutely have to click a button or link, at least hover your mouse over it first to see where it leads.

Keep your antivirus software up to date. Make sure you scan your computer frequently.

If it seems too good to be true, it is. If someone is offering you a way to make a quick buck, it’s probably a scam.

But what about when you seem to be the perpetrator? While there’s no perfect solution, here are a few tips on how to stop spoofing emails coming from your email address: