Thanksgiving always kicks off the annual flood of promo emails, shipping alerts, loyalty offers, holiday coupons, and “exclusive VIP deals.” This year, the volume feels higher and the quality feels sharper because AI tools now generate phishing emails that look exactly like what Amazon, Walmart, Wayfair, UPS, FedEx, or any major brand would send. The old visual tells are gone. The scams and their associated scam websites are practically indistinguishable from legitimate ones.
Here’s a friendly Thanksgiving reminder to check your complacency bias at the door, and get back to basics:
Most obviously, never click inside an unexpected email. Treat every holiday retail message as untrusted until proven otherwise. If something claims to be from Amazon or any major platform, go to the website or app yourself. Do not use the link in the email. Log in normally and check your orders or account notifications. If the message is legitimate, you will see the same alert inside your account. If nothing appears, delete the email.
Now, sometimes, you just want an email to be true and you just can’t help yourself. Before you click on anything, remember since you can’t trust your eyes, you’ll need to verify the sender’s credentials. Here is how to do it in the two most popular email apps.
In Gmail (Desktop/Web Version)
Note: This “under the hood” check is difficult to perform on the Gmail mobile app. We recommend doing this on a computer.
- Open the email and look directly under the sender’s name. You will see the recipient line (usually “to me”) with a small down arrow (▼) next to it. Click that arrow.
- A box will expand showing the technical details. Look for these two specific fields:
- mailed-by: This tells you which server actually sent the email.
- signed-by: This verifies the digital signature.
The Test: Both fields must match the company domain.
- PASS: mailed-by: amazon.com / signed-by: amazon.com
- FAIL: mailed-by: gmail.com, hotmail.com, or amazon-support-services.net.
gmail.com and hotmail.com fail because Fortune 500 companies never use public, free email services to conduct business.
In Outlook: Finding the Headers
Outlook hides this information a bit deeper depending on which version you use.
If you use the “New” Outlook (or Outlook on the Web):
- Click the three dots (…) at the top right of the message window (near the Reply/Forward buttons).
- Select View > View message details.
- A window will pop up with a wall of text. Use Ctrl+F (or Cmd+F) to search for “Authentication-Results” or simply scan for spf=pass.
If you use “Classic” Outlook (Desktop App):
- Double-click the email to open it in a separate window.
- Click File > Properties.
- Look at the bottom box labeled Internet headers. It looks like gibberish, but if you scroll through, you are looking for spf=pass or dkim=pass. If you see fail, consider the email highly suspicious and treat it as untrusted.
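The Gmail mailed-by/signed-by test and the Outlook spf=pass/dkim=pass check above are the same check read off the Authentication-Results header. Here is that check as an added Python example (not part of the original post): it parses the header, requires both SPF and DKIM to pass, and requires the vouched-for domains to match the brand you expect. The two sample messages and the receiving server name mx.example.net are constructed, not real captured mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (the post's PASS case): SPF and DKIM both pass and
# both vouch for the brand's real domain.
SAMPLE_PASS = """\
From: "Amazon.com" <ship-confirm@amazon.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=amazon.com; dkim=pass header.d=amazon.com
Subject: Your order has shipped

body
"""

# Constructed sample (the post's FAIL case): the display name says Amazon,
# but the headers vouch for a look-alike domain, and DKIM fails.
SAMPLE_FAIL = """\
From: "Amazon Support" <help@amazon-support-services.net>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=amazon-support-services.net; dkim=fail header.d=amazon-support-services.net
Subject: Urgent: verify your account

body
"""

def parse_auth_results(header):
    """Return {method: (result, domain)} from an Authentication-Results value."""
    results = {}
    # Clauses after the receiving server look like "spf=pass smtp.mailfrom=amazon.com".
    for clause in header.split(";")[1:]:
        m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)(.*)", clause)
        if not m:
            continue
        method, result, rest = m.groups()
        dm = re.search(r"(?:smtp\.mailfrom|header\.d|header\.from)=([\w.-]+)", rest)
        results[method] = (result.lower(), dm.group(1).lower() if dm else None)
    return results

def check_sender(raw_message, expected_domain):
    """The post's test: spf and dkim must both pass AND name expected_domain,
    and the visible From address must use that same domain."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    for method in ("spf", "dkim"):
        result, domain = auth.get(method, ("none", None))
        if result != "pass" or domain != expected_domain:
            return False
    return from_domain == expected_domain

if __name__ == "__main__":
    print(check_sender(SAMPLE_PASS, "amazon.com"))  # True
    print(check_sender(SAMPLE_FAIL, "amazon.com"))  # False
```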
If you haven’t gone through the ordeal of checking who the real sender is, and you’re still thinking about clicking a link… Stop. Before you click any link, hover over it without clicking. A real URL from a major retailer resolves to the brand’s actual domain, such as amazon.com or walmart.com. A fake link usually leads somewhere you have never heard of, like amazon-sales-services.net. Hovering keeps you out of trouble.
The safest approach is simple. If an email wants you to act quickly, ignore it and go straight to the source. Your account dashboard is always the truth.
Enjoy the holiday. Stay alert. The scammers are using the same tools you are. This is the week they test how good their models have become.
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it. This work was created with the assistance of various generative AI models.