The main objective of a phishing scam is to gain your sensitive and personal information by appealing to your emotions through urgency, fear, or greed. The email sender is often disguised as a reputable organization or familiar individual that you think you can trust. They are often sophisticated enough to break through basic spam filters, but if you know what to look out for, you’ll find they are typically constructed with common characteristics.

Hackers can quickly accumulate information about you on the internet in order to figure out what triggers you’ll likely respond to. They may learn that you live in Illinois, work for XYZ company, and bank with Chase. So when they send a phishing email that looks like it’s from Chase and name-drop a piece of information you think only they’d know, you may be quick to assume it’s real and log into their URL without even thinking twice. At this point, it’s too late; they already have your username and password and can now log into your real Chase account.

There’s currently no way to fully stop all phishing emails from landing in your inbox, but here are a few red flags to look out for that will help you identify phishing scams:

1. Emails that threaten urgency and negative consequences if you don’t act quickly. This pressure is intended for you to overlook the details. Do not act without thinking, and check for some of the other red flags below first.

2. Poor grammar and spelling mistakes. Most established companies will apply spell-checking tools before sending out a branded email. While some phishing emails will have poor grammar that’s easy to identify, others will duplicate a real brand-name email and replace the links with false ones. So accurate grammar isn’t always a reliable sign that the email is valid, but it could give away when it’s not.

3. Unfamiliar or overly formal greetings such as “Dear” or others that you generally don’t hear in informal office interactions should garner a second look.

4. Get in the habit of checking email addresses, links, and domain names. Hover over hyperlinks in the email to view the real URL, which may not match who they claim to be. If the company claims to be cashbank.com, but the hyperlink when hovered says ca5hbank.com, this should arouse suspicion. Check the sender of the email. Is their domain name (following the @ in their email address) look authentic? Most of the time, this will be the company name if valid. Eg, johndoe@cashbank.com. Not johndoe@cashbank.cba.com, or johndoe@ca5hbank.com)

5. Banks and major organizations will NEVER ask for your personal username, password, or credit card number through email. If you’re unsure if it’s real, call your bank or account directly (not through the number or website listed on the email in question).

6. “Too good to be true” emails. If you’ve been notified you won a competition that you don’t recall entering, this is a scam.

7. Anything that threatens account closure unless you hand over personal information.

If you are unsure whether or not something is a phishing attempt, do not take the risk and prematurely click into links and/or hand over information to the sender. Reach out to your IT department or CCSi Communications first to check and see if the email is clean and valid.