Last verified by our editorial team: April 2026
Email is still one of the most common delivery channels for job scams. Scammers send fake recruiter emails impersonating Amazon, Google, Microsoft, FedEx, and dozens of other brands. The emails often look professional, with company logos and formatting copied directly from real recruitment messages. But every fake recruitment email has signatures that expose it. This guide covers the four email scam patterns and exactly how to verify any recruitment email in 30 seconds.
Real recruitment emails come from a verified company domain (e.g., @amazon.com), reference your specific application, never request fees, and link only to the company's official careers page. Anything else is a scam.
Email comes from an address that looks like a real company but is slightly off: amazon-careers.com, microsoft-jobs.net, google-recruitment.org. The domain is registered by the scammer. Always check the domain matches the official company domain exactly.
A scammer compromises a real recruiter's email account and sends fake offers from their genuine address. This is rare but happens. The signal: the email contains links to non-company websites, requests personal data atypically, or has an urgent fee request.
The 'From' field shows the real company name but the actual sender is different. Hover over the sender name (or check 'Reply-To' header) to see the real address. If the reply address differs from the displayed sender, it is spoofed.
The email asks you to download an 'offer letter PDF' or 'onboarding form' that contains malware, or links to a fake login page that captures your credentials. Never download attachments or click links until you have verified the sender's authenticity.
Step 1: Check the domain matches the official company domain exactly. Step 2: Hover over links to see real destinations. Step 3: Search the role on the company's official careers page. Step 4: Find the recruiter on LinkedIn and verify they work at the company. Step 5: Reply asking for a video call. Real recruiters agree, scammers stall.
Compare the domain after the @ symbol to the company's official website domain. They must match exactly. amazon.com is real. amazon-careers.com is fake. When in doubt, type the company's URL in your browser instead of clicking email links.
Generally no. Real recruiters use company email. Some independent contract recruiters use Gmail but identify themselves clearly with their company affiliation, LinkedIn link, and a verifiable phone number.
Visual quality is meaningless. Scammers copy logos and formatting easily. Verify through the domain, the recruiter's LinkedIn, and a callback to the company's main number — never trust visual appearance alone.
Not until you have verified the sender. Malicious PDFs and Word documents can install malware. Verify sender authenticity first, then open attachments only on a device with up-to-date antivirus.
Reply-To is the address that receives your reply when you hit reply. Scammers spoof the 'From' field but cannot fake Reply-To. Mismatched From and Reply-To indicates spoofing.
Forward to phishing@<company> if available (phishing@amazon.com, phishing@microsoft.com), report to spam@uce.gov for FTC analysis, and mark as phishing in your email client. Then delete.
Yes. Phishing links lead to fake login pages that capture credentials. Always type the company URL directly. If you entered credentials on a phishing page, change passwords immediately and enable 2FA.
Verify before responding. Search the role on the company's careers page, find the recruiter on LinkedIn with verified company employment, and reply asking for a Zoom call. Real recruiters welcome verification.