phishing - generally an attempt via email to get you to click on an (malicious) attachment click on a hyperlink which will carry you to a malicious website (called a "watering hole" ) where you might be tricked into giving up credentials to (usually) your bank account click on a hyperlink which will carry you to a watering hole which will auto-download malware to your computer WRT malicious attachments, if you get an email from somebody you do not know, and the email has an attachment, delete the email straight away. If you get an email from somebody you DO know, but weren't expecting an attachment, call them and make sure they actually sent you an email with an attachment. If you can't get in touch with them in fairly short order, go ahead and delete the email anyway. Call them later and ask them to resend the email, assuming they actually sent it in the first place. hyperlinks - a website address contained within the email. Always look closely at the hyperlink before you click on it. It is trivially easy to show a URL for something like https://www.africahunting.com as the display text, but the real URL is to some other place. It is also trivially easy to make it look like the link really is to AH, but then substitute a letter from the extended Latin or German characters that LOOKS like our standard Latin characters. https://www.africahunting.com https://www.africahuntìng.com They will do things like spoof friends/family (very easy to figure out who those are with 10 minutes of research on social media), so that the "from" field on the email might look like this from: Bob Smith <JimJones@mailer.com> It may seem stupid, and really, who would be fooled by something so obvious? Lots of people. Salutations: Dear Sir (or Madam, or valued customer, or customer, or ANYTHING but your name) is almost always a dead giveaway that you are being phished. Most legitimate businesses, when they send you an email, will greet you with the name your provided them when you created your account with them. The only exception I've ever seen is Wells Fargo bank. There may be others, but I've seen the legitimate emails from them. It's effing stupid, and whoever is responsible for it at WFB should be flogged. Email body: along with the aforementioned items, it's usually fairly obvious after reading and re-reading when the author of the email doesn't speak English as their first language. There will be mis-spellings, or grammar which while correct, is not common American vernacular. Or there could be a couple of glaring grammatical errors. Some phishers are very sophisticated. They may embed logos from legitimate businesses (BoA, Yahoo, Amazon, etc) as part of the email. Don't get sucked in just because you see a real business' logo, watermarks, etc. The two most common ploys of phishing emails are 1. appeal to greed - think Nigerian prince scam, or some iteration of it. 2. an attempt to invoke a sense of urgency - if you don't log in at the link below, we'll be forced to close your account within X days 3. a combination of 1 and 2 There are just no hard and fast rules for detecting phishing. With the above, and an application of common sense, you can avoid them. Just don't be a clickopotomus when you're going through your emails.