Suspicious sender address
Misspelled domain name
Generic greeting
Urgent or threatening language
Unexpected attachments
Unusual links
Mismatched URLs
Requests for passwords
Requests for payment information
Requests for personal information
Poor spelling or grammar
Unfamiliar sender
Too-good-to-be-true offers
Unusual email formatting
Inconsistent branding
Unexpected invoice or receipt
Pressure to act quickly
Unverified login alerts
Suspicious file types
Requests to bypass normal procedures