1. The message indicates it's
urgent and attempts to scare or threaten you to take action. It may say a deal is only for a limited time or that you're behind on a payment and threaten you with legal action.
2. The message often contains a
link to a website or an attachment they want you to open. If you hover over the link it's misspelled or completely different.
3. The message may look like it's from an internal employee but the email address is actually an
4. The message may indicate that they've noticed
suspicious activity on your account and need you to login or your account will be suspended.
5. The message may have
spelling or grammatical errors or be in a different language. This can include a non-standard format for the greeting and signature.