Please read: How to spot dangerous email scams.

Staying Safe from Scam and Phishing Emails

Email is part of almost everything we do, which makes it a favorite tool for scammers. Phishing emails are fake messages designed to trick you into clicking a link, opening an attachment, sending money, or sharing personal information like passwords or bank details.

These emails often look convincing, but there are clear warning signs and habits that can keep you safe.

Common types of phishing and scam messages

Scammers use many different hooks, but most phishing falls into a few familiar patterns:

Fake account or service notices: Messages claiming to be from banks, delivery companies, streaming services, or online shops, saying there’s a “problem with your account” or “a payment failed,” and asking you to click a link.
“You must act now” alerts: Emails warning that your account will be closed, your subscription will be canceled, or you will be charged a fee if you don’t respond immediately.
Prize, refund, or donation scams: Messages about winning a prize, getting a tax refund, or urgent requests for donations that ask for your personal or financial information.
Missed call, voicemail, or document notifications: “You have a new voicemail,” “View secure document,” or “See attached invoice” emails that push you to open an attachment or sign in on a fake page.
Targeted “impersonation” emails: Messages that appear to come from your boss, coworker, vendor, or a familiar contact, asking for gift cards, wire transfers, or documents.

Scammers may also use text messages (smishing), phone calls or voicemails (vishing), QR codes (quishing), and social media messages, but the goal is the same: get you to act quickly without thinking.

Red flags to look for in emails

Even when a scam message looks polished, there are clues that something is wrong.

Watch for these red flags:

Suspicious sender's address: The display name may look right, but the actual email address is different, misspelled, or from a free provider that doesn’t match the organization (for example, “support123@gmail.com” instead of an official domain).
Urgent or threatening language: Phrases like “act now,” “final warning,” “immediate action required,” or threats that your account will be closed are meant to create panic and bypass your usual caution.
Requests for sensitive information: Legitimate organizations rarely ask you to send passwords, full Social Security numbers, or full card details by email or through a link in an unsolicited message.
Unexpected links or attachments: Attachments you were not expecting, especially with strange file types, and links that don’t match the site they claim to be from, are major warning signs.
Poor or “off” writing: Many scam emails still contain odd wording, spelling errors, or a tone that does not sound like the person or company they claim to be. Newer AI-driven scams may have better grammar, so do not rely on spelling alone.
Offers that are too good to be true: Huge prizes, surprise refunds, or extremely steep discounts that require you to “verify” your identity first are classic bait.

If several of these signs appear together, treat the message as suspicious.

Simple steps to verify a message

Instead of reacting to what’s in your inbox, build the habit of verifying first.

When you receive a message that asks you to click, download, or share information:

Do not click the link right away: Hover over the link with your mouse (without clicking) to see the real web address it will open. If it looks strange, misspelled, or unrelated to the company, don’t use it.
Go to the source yourself: If the email claims to be from your bank, a delivery service, or a familiar company, open your browser and type the official website yourself or use a saved bookmark instead of using the email link.
Use known contact information: Contact the organization using a phone number or email address you already know, or that is listed on their official website, not the contact details in the suspicious message.
Check with the person directly: If an email appears to come from a coworker, supervisor, or friend and asks for money, codes, or sensitive documents, call or message them through another channel to confirm.

If you cannot verify the message, it’s safer to delete it.

What to do if you suspect a scam

Acting quickly can limit the damage and help protect others.

If you think a message is phishing:

Do not respond, click links, or open attachments.
Mark it as spam or phishing in your email program, which helps filter similar messages in the future.
Follow your organization’s procedure for reporting suspicious emails (for example, using the “Report Phishing” button or forwarding to your IT/security team).

If you clicked a link or entered information:

Immediately change the passwords for any affected accounts, especially email and financial accounts.
Turn on multi-factor authentication (MFA) if it is available, to add an extra layer of security.
Monitor bank and card statements and consider contacting your bank or card provider to warn them of possible fraud.
If it is a work account, notify your IT or security team right away so they can take additional steps.

Everyday habits that keep you safer

Consistently practicing a few simple habits can significantly lower the risk of scams affecting you or your organization.

Keep your devices and apps updated: Allow automatic updates on your computer and phone so security patches are installed as they are released.
Use strong, unique passwords: Avoid using the same password everywhere. Consider using a reputable password manager to create and store complex passwords.
Turn on multi-factor authentication (MFA): Whenever a service offers MFA, enable it so logging in requires not just a password but also a code or security key.
Back up important data: Regularly back up your files to an external drive or secure cloud service so you can recover them if something goes wrong.
Stay informed and share what you learn: Scam tactics change over time. Reading brief security tips, attending short training sessions, and sharing warnings with coworkers, friends, and family help everyone stay a step ahead.

A Note from HDI Wholesale: Your Security Matters

At HDI Wholesale, your trust and security are a top priority. We want to reassure you that we will never request sensitive financial information, such as bank details or credit card numbers, by email without first speaking with you directly by phone.

If you ever receive a message that seems unusual or concerning, please know that your dedicated account manager is always available by phone to review and confirm any communication with you. We encourage you to reach out anytime you have questions or need verification.

In addition, we upgraded our website platform in 2025 to further strengthen the protection of your information. These improvements ensure we are using the most advanced security standards available to help safeguard your data.

Your safety and confidence in working with us matter—always.