Is an email saying my account will be closed unless I verify my details immediately a scam?
Very likely. Urgent account-closure threats sent by email are a classic phishing technique designed to make you hand over login credentials or personal data.
Last reviewed: 10 June 2026
Explanation
Phishing emails impersonating banks, PayPal, Amazon, Apple, Google, and similar platforms warn that your account has been locked, suspended, or scheduled for closure due to unusual activity, failed verification, or an overdue action. A button or link in the email takes you to a convincing copy of the service's login page where your entered credentials are captured by the fraudsters.
The email mimics the genuine service's branding very closely — logo, colour scheme, footer links, and sender name. However, hovering over the link or inspecting the actual sender email address usually reveals a domain that is not the real company's. Common tricks include replacing an 'l' with a '1,' appending '-support' to the real domain, or using entirely unrelated domains.
Legitimate companies do sometimes send account alerts, but they never ask you to enter your login credentials or financial details by clicking an email link. If your account has a genuine problem, the issue will be visible when you log in directly through the service's real website — typed manually — not only through an email link.
If you received such an email, go to the service's website by typing the address yourself or using your saved bookmark. If there is a real account issue, it will be visible in your account settings.
Common red flags
- Email creates urgency with a countdown or same-day deadline
- Sender's actual email address does not match the company's real domain
- Link URL in the email does not lead to the company's real website
- Poor grammar, spelling errors, or slightly off-brand formatting
- Asks you to enter your password or full card number via the email link
- Generic greeting such as 'Dear Customer' rather than your real name
What to do now
- Do not click any link in the suspicious email
- Go to the service directly by typing its URL in your browser
- Log in to check whether any real account action is required
- Forward the phishing email to the spoofed company's abuse address (e.g. [email protected])
- Report to your national cybersecurity authority
- If you already entered credentials, change your password and enable two-factor authentication immediately
Frequently asked questions
How do I check the real sender address?
In most email clients, clicking the sender name reveals the actual email address. Look for anything that is not the company's official domain. Even small variations like 'paypai.com' or 'amazon-billing.net' are fake.
What if I already clicked and entered my details?
Go to the real service immediately and change your password. Enable two-factor authentication. If you entered financial details, contact your bank. Report the incident to the company that was impersonated.