...
- Suspicious links or unexpected attachments - the links that appear in an email body may go to somewhere unexpected, always rest/hover your mouse over any links which will reveal the real web address and don't click any suspicious links.
- Urgent call to action or threats - be suspicious of any email that claim claims that you must click, call, or open an attachment with urgency. A common attack method is to claim something is time sensitive creating a false sense of urgency. Whenever you see a message calling for immediate action, pause, and look carefully at the message - are you sure it's real? Slow down and be safe.
- First time or infrequent sender - whilst it's not unusual to receive an email from someone new for the first time, especially if they are outside your organisation. New senders can be a sign of phishing campaign, so take a moment and examine the email carefully.
- Mismatched email domains - if the email claims to be from a reputable company, like Microsoft or your bank, but the email is being sent from another email domain like gmail.com, or microsoftsupportteam.ru or nabbank.com - it's a scam. Also be watchful for very subtle misspelling of the legitimate domain name, like micr0soft.com
...