A client contacted me last fall absolutely certain he'd been talking to Amazon for two days about a refund. He had emails. He had reply chains. He'd given them his bank routing number to "issue the refund."
When I sat down at his computer and looked at the sender address, my stomach sank. It said support@amaz0n-billing.com. That's a zero where the letter O should be, plus a dash and a fake word stuck on the end.
On his phone, where he'd been reading these emails, the address was hidden behind a friendly display name that just said "Amazon Customer Service." He never saw the actual address. Why would he? Phones don't show it by default.
This is the spoofed sender scam, and it's one of the most successful tricks in email because it exploits something real companies do every day: showing a friendly name instead of a long technical email address.
What you actually see vs. what's actually there
When an email arrives, your phone or email app shows you the sender's display name — the human-friendly part — and usually hides the actual address underneath. That display name can be set to literally anything by whoever sent the email. There is no rule, no verification, no enforcement.
Scammers know this. So they send an email with the display name "Apple Support" or "Bank of America" or "Microsoft Account Team," and the actual sending address is something like noreply.svc-749@mail-bounce-xyz.click. On your phone, you only see "Apple Support." Mystery solved, brain relaxes, scam complete.
The lookalike domain trick
When scammers want to be more convincing — say, when they're going to ask for a password — they go a step further and register a domain that looks like a real one. The most common tricks are:
A zero swapped for an O: amaz0n.com, g00gle.com, micr0soft.com.
A 1 swapped for a lowercase L: paypa1.com, app1e.com. This one is brutal on a phone screen, especially in sans-serif fonts where 1 and l look identical.
An extra word stuck on: apple-id-support.com, microsoft-billing-services.com, amazon-customer-care.net. Each of these is a real domain someone can register for $12 and hide behind. None of them belong to the real company.
A different ending: apple.support, microsoft.help, paypal.security. The real Apple is apple.com — not .support, not .help, not anything else.
A subdomain trick: apple.com.verify-account.net. Read it left to right. The actual domain — the part that determines who owns the website — is whatever sits right before the last .net or .com, at the very end of the address. So this address belongs to verify-account.net, not Apple.
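For anyone who filters mail for a family or a small office, the display-name and lookalike checks above can be automated. This is an added example, not part of the original post: the TRUSTED allowlist, the check_sender function and the sample headers are assumptions made up for illustration, and the "last two labels" ownership rule is a simplification that only holds for endings like .com and .net.

```python
from email.utils import parseaddr

# Assumed allowlist for this example: brand word -> the domain that brand really owns.
TRUSTED = {"amazon": "amazon.com", "apple": "apple.com", "paypal": "paypal.com",
           "microsoft": "microsoft.com", "google": "google.com"}
UNSWAP = str.maketrans("01", "ol")  # undo the 0-for-o and 1-for-l swaps

# Constructed From: headers built from the addresses quoted in the article.
SAMPLES = [
    '"Amazon Customer Service" <support@amaz0n-billing.com>',
    '"Apple Support" <noreply.svc-749@mail-bounce-xyz.click>',
    'security@apple.com.verify-account.net',
    'help@apple.support',
    'support@amazon.com',
]


def check_sender(from_header):
    """Return (real_address, findings) for a raw From: header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if any(domain == d or domain.endswith("." + d) for d in TRUSTED.values()):
        return addr, []  # the address really is on a trusted domain
    labels = domain.split(".")
    # Simplification: treat the last two labels as the owner. A full tool
    # would consult the Public Suffix List to handle endings like .co.uk.
    owner = ".".join(labels[-2:])
    words = labels[-2].split("-") if len(labels) >= 2 else []
    findings = []
    for brand, real in TRUSTED.items():
        if domain.startswith(real + ".") or "." + real + "." in domain:
            findings.append(f"subdomain trick: {real} is only a prefix of {owner}")
        elif brand in [w.translate(UNSWAP) for w in words]:
            if brand not in words:
                findings.append(f"digit swapped for a letter in '{brand}'")
            if len(words) > 1:
                findings.append(f"extra word attached to '{brand}'")
            if words == [brand]:
                findings.append(f"different ending: {owner} is not {real}")
        elif brand in display.lower():
            findings.append(f"display name says '{brand}' but address is at {owner}")
    return addr, findings


if __name__ == "__main__":
    for header in SAMPLES:
        address, problems = check_sender(header)
        print(address, "->", problems or "matches a trusted domain")
```

An empty findings list only means the address is on an allowlisted domain; it says nothing about whether that account was compromised.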
How to actually check on a phone
On an iPhone, in the Mail app: tap the sender's name at the top of the email. A panel pops up showing the actual email address. If it's not what you expect — support@amazon.com for an Amazon email, for instance — close the email and don't click anything.
On Android, in Gmail: tap the sender's name or the little arrow next to it. Same idea — the real address shows up.
In Outlook on a phone: tap the sender's display name and look for "From." That's the true address.
It takes three seconds. It will save you thousands of dollars over the rest of your life.
A sender check on the desktop
On a computer, hover your mouse over the sender's name without clicking. Most email programs will show you a tooltip with the real address. Or click "Show original" / "View source" / "Show details" — every email program has this option somewhere — and read the "From:" line.
If the address is some long, weird string ending in a domain you've never heard of, that's all you need to know.
When the address looks legit but the email is still fake
Scammers can also break into a real company's email server and send from a legitimate address. This is rarer but it does happen — usually small businesses with weak security. So even a real-looking sender isn't a guarantee. Always combine the sender check with the rest of the red flags: urgency, dollar amounts, suspicious attachments, links that lead somewhere strange.
The sender address is the single highest-value check, but it's not the only one.
A quick exercise tonight
Open your inbox. Find the most recent email from "Amazon," "Apple," "Microsoft," or your bank. Tap the sender's name and look at the actual email address.
Now you know what the real one looks like. The next time something arrives claiming to be from them, you have a reference. If it doesn't match, it's not real.
Tomorrow I'm covering the fake invoice scam — the one that doesn't even use a malicious link, just a phone number, and walks people into draining their bank account on a "refund call." If you want Friday's printable email-scam cheat sheet emailed to you, subscribe here.
Why "amaz0n.com" Looks Real on a Phone Screen
The number 0 instead of the letter o. Tiny on a phone, invisible to a tired eye. Here's how to catch it before your thumb does the wrong thing.