Below are things you can look for in your email when you suspect a message may be phishing.
Check the Address
If the email appears to come from a legitimate organization but they "FROM" address is someone’s personal account, such as @gmail.com or @hotmail.com, this is most likely an attack. Also, check the "TO" and "CC" fields. Is the email being sent to people you do not know or do not work with?
Check the Greeting
Be suspicious of emails addressed to "Dear Customer" or that use some other generic salutation. If a trusted organization has a need to contact you, they should know your name and information. Also ask yourself, am I expecting an email from this company?
Look for Mistakes
Be suspicious of grammar, spelling and formatting mistakes; most businesses proofread their messages carefully before sending them.
Slam on Brakes
Be suspicious of any email that requires "immediate action" or creates a sense of urgency. This is a common technique to rush people into making a mistake. Also, legitimate organizations will not ask you for your personal information.
Raise an Eyebrow at that Link
Be careful with links, and only click on those that you are expecting. Also, hover your mouse over the link. This shows you the true destination of where you would go if you clicked on it. If the true destination is different then what is show in the email, this is an indication of an attack.
Trash that Attachment
Be suspicious of attachments. Only click, on those you are expecting.
Don’t Quit Your Day Job
Be suspicious of any message that sounds too good to be true. No, you did not just win the lottery.
Phone a Friend
Just because you got an email from your friend/colleague/family does not mean they sent it. Your friend’s computer may have been infected or their account may be compromised. If you get a suspicious email from a trusted friend or colleague, call them on the phone.
When in Doubt, ask I.T.S.
When reporting a phishing email it's best to include the Internet Headers with the message, so Infosec can verify where the message originated from. Read more: Forwarded Messaging Headers, with screenshots and instructions.
Suspicious messages in your personal e-mail?