At this point, just about every email that doesn't come from either a person you already know or a business you recently placed an order with should be treated with extreme suspicion.
But with the increase in online shopping brought on by the pandemic, it can be hard to keep track of how many orders you have outstanding. Scammers are taking advantage of this and attempting to trick victims into clicking links or opening file attachments that only lead to trouble.
The first thing to remember is that online shopping websites never send emails with attached files. If you get one, do not open it.
But what about links? Legit emails from sites like Amazon almost always contain links to help you manage your orders or track shipments.
It is helpful to check the email address of the sender, for every email you receive. Does it make sense that an official email from Amazon would be sent from an address ending in gmail.com or yahoo.com?
Also be sure to look for misspellings. There are many examples of fraudulent emails being sent from "amazoon.com" and "wallmart.com." Watch for tricks like "amazoncom.com," too.
Something like "Paypai" and "Paypa1" can be even harder to spot, as the letter "I" or "i" or numeral "1" can look a lot like a lowercase "l" depending on the font your email program uses. You have to be alert; "waImart.com" appears pretty much identical to the real URL (in case you can't see it on the screen you're reading now, that's an uppercase "EYE," not a lowercase "ELL" in the address). It's important to check links for this kind of trickery, too.
To complicate matters a little, there are a lot of small businesses who use sties like Amazon or Walmart as a platform to sell their products, and some of them might send an email directly to you either to thank you for your business or to give you shipping information if the order isn't being filled by the larger retailer. In these cases, the email address should still make some amount of sense (even if the business happens to be using a free email provider like Gmail or Yahoo), and the message should refer to something you actually purchased. If you didn't buy anything, everything about the message should be a red flag.