The message I received is one I've seen repeatedly: "It says my Amazon order didn't go through and they're going to charge me $899 if I don't call right now."

She hadn't been hacked. She'd just been targeted by one of the most common email scams running this year — and the moment her thumb stopped over the email, the scammers had already done their job. Whether she clicked the link or not, the panic was the point.

I can tell you the bad guys don't have unlimited creativity. They use the same handful of subject lines because the same handful of subject lines work. If you can spot these five, you'll dodge probably 80% of the email scams that hit your inbox.

1. "Your [Big Company] order has been placed"

The fake order confirmation. It's the king of email scams right now. Amazon, Best Buy, PayPal, Norton, McAfee, Geek Squad — pick a brand you've heard of, and there's a fake order confirmation pretending to be from them.

The trick is the dollar amount. It's always uncomfortably high — $499, $799, $1,200 — high enough that your stomach drops, but not so high that it feels fake. The email then says: "Didn't authorize this? Call our support team at 1-888-XXX-XXXX."

Notice what's missing: a link. There's no malicious attachment to scan, no suspicious URL. Just a phone number. That's the whole game. You call them in a panic, and a polite person on the other end walks you through "canceling the charge" — which, conveniently, requires you to install some software on your computer, login into your bank account, and "verify your refund". Oops! The scammers how have open access to your bank account.

2. "Action required: Your account will be locked in 24 hours"

The urgency scam. Your bank, Apple ID, Microsoft account, Google account — all suddenly need verification or they'll be permanently disabled. The link in the email goes to a fake login page that looks pixel-perfect, except the web address is something like apple-id-verify.support-help.com instead of apple.com.

Real companies don't lock your account in 24 hours. If your bank actually had a problem, they'd call you, mail you, or freeze the card. They don't email a deadline.

3. "We tried to deliver your package"

USPS, UPS, FedEx, Amazon Logistics — fake delivery notices spike around the holidays but they run all year. The link supposedly takes you to "reschedule" delivery, where they ask for $1.99 to cover the redelivery fee. The $1.99 isn't the scam. The scam is your credit card number, which they'll quietly run $899 through next week.

If you're expecting a real package, go to the carrier's website directly and type in your tracking number. Don't click the link in the email.

4. "Re: payment receipt"

This one's sneaky because the subject starts with "Re:" — making it look like a reply to a conversation you were already having. Your brain skips the suspicion check. Inside is a PDF "receipt" or an Excel "invoice" you don't remember authorizing. Open it, and you've just opened a malicious file.

If you don't remember the original conversation, there isn't one. Delete it.

5. "Hi [your name], I have something to tell you"

The personal one. Sometimes it includes an old password of yours that leaked in some breach years ago, which is meant to scare you into believing the sender has access to your computer. They claim to have recorded you through your webcam and demand Bitcoin to keep quiet.

They have nothing. The password came from a database leak that gets recycled by every spam ring on earth. Delete it, change the old password if you're still using it anywhere, and move on.

The pattern under all five

Look at what these have in common: urgency, a brand you trust, a dollar amount or threat that gets your heart rate up, and one specific action they want you to take — call this number, click this link, open this attachment.

Every single one is engineered to bypass the part of your brain that pauses to think. They're not trying to fool a careful reader. They're trying to fool a panicked one.

What to do this week

Three small habits will protect you from almost all of these.

First, when an email makes you feel panicked, take a breath and assume it's fake until you've checked. Real problems can wait two minutes.

Second, never use the phone number or link inside a suspicious email. If the email says it's from your bank, go to your bank's website by typing the address yourself, or call the number on the back of your card.

Third, when in doubt, forward the email to me at pcrescue@pcrescue.me. I'd rather look at ten harmless emails than have you wire money to someone in a hurry.

This week on the blog I'll be breaking each of these scams down — how they work, what the warning signs look like up close, and what to do if you've already clicked. Friday I'm sending out a one-page printable cheat sheet to email subscribers, covering all of it. If you want it, subscribe here and it'll land in your inbox Friday.

Stay sharp out there.