Check the sender’s email address for misspellings or unusual domains
Verify the sender’s display name matches the actual email address
Look for urgent, threatening, or overly persuasive language
Be cautious of requests for passwords, codes, or personal information
Hover over links to inspect the real destination before clicking
Watch for unexpected attachments or file types
Look for spelling, grammar, and formatting errors
Compare the message tone to previous legitimate emails from the sender
Verify requests through a separate trusted channel
Be suspicious of messages asking for immediate action or secrecy
Check for generic greetings instead of your name
Inspect email headers if available for signs of spoofing
Confirm website URLs use the correct domain and secure connection
Use spam and phishing filters
Report suspicious emails to your IT or security team
Delete emails that appear suspicious and avoid replying to them