'Your account was locked', a suspicious-login alert, a 'verify your details' link, a scary virus pop-up — most are phishing built to steal your password or card. Paste the message for an instant read — legitimate, questionable, or likely phishing.
Reading a message can't hurt you — only acting on it can. No real company asks for your password or a verification code by text or email. When in doubt, log in by typing the real address yourself.
Quick answer — Most 'your account is locked / suspicious sign-in / verify your details' messages are phishing designed to steal your login or card. A real company won't ask for your password or a one-time code, and won't make you fix it through an unexpected link. Don't click — open the account yourself by typing the official address, and check there.
✓ Free, no sign-up🔒 Nothing you paste or upload is stored⚡ Answer in ~15 sec
How to tell a real phishing email / text from a fake
A legitimate security or account message comes from the company's own verified domain, doesn't demand urgent action through an unexpected link, and never asks for your password, full card number, or a 2FA / one-time code. Phishing fakes a trusted brand (Apple, Amazon, PayPal, your bank, Microsoft), invents urgency ('locked', 'suspended', 'unusual activity'), and pushes you to a lookalike link or a 'support' phone number to capture your credentials.
Red flags
'Your account is locked / suspended / had a suspicious sign-in — verify now' urgency.
A link to 'verify', 'reconfirm', or 'reactivate' that isn't the company's real domain (e.g. apple-id-verify-support.com).
Asks for your password, full card number, SSN, or a 2FA / one-time code.
A pop-up telling you to 'call Microsoft / Apple support' about a virus.
A sextortion email claiming it recorded you through your webcam (an empty bluff).
What to do
Don't click the link or call the number — paste the message above to flag the phishing signals.
Open the account yourself by typing the official address (or using your app) — never via the message's link — and check for any real alert.
Never share your password or a one-time / 2FA code; no real company asks for them.
If you already entered details, change that password (and anywhere you reused it) and contact your bank; report phishing to the FTC.
FAQ
How do I know if an email or text is phishing?
It pressures you with an urgent account problem, links to a lookalike (not the company's real domain), and asks for your password, card, or a verification code. Real companies don't do that — log in by typing the official address yourself to check. Paste it above for a read.
Is the 'your account has been locked' message real?
Usually not. Scammers fake account-lock and suspicious-login alerts to rush you to a fake login page. Don't use the link — open the account yourself from the official app or site and check there.