By Chris Burger
Before you open that next email from a well-known company – whether it’s from a news site, bank or vendor – give yourself an extra second or two to examine it closely.
Many security companies reported a dramatic increase in phishing attempts in 2016 and the trend is continuing this year. The latest example is the recent phishing campaign that targeted Google’s nearly 1 billion Gmail users.
Phishing is a scam in which attackers disguise themselves as familiar companies – ADP, eFax and DHL, for example – to trick you into sharing valuable company or personal information.
You don’t want to be next on the hook. The best way to avoid becoming a victim is to notice irregularities in the message. Here are five things to consider to help determine if an email is a possible phishing attempt:
1. Check the sender’s email address domain in the “From” line
Look at this example:
The first element to consider is that the “From” line says it’s being sent from ADP’s billing department, but we can see it’s actually from the domain littlebaja.com. Probably not ADP’s billing department. As you might expect, legitimate companies typically send from their own domains.
2. Hover over hyperlinks to see where they direct you
Next, consider what the email is asking. In many cases, scammers will try to get you to click a link. If that’s the case, hover over the link and see if the same address appears. In this example, you can see that the link appears to direct you to an ADP invoice, but actually sends you to a malicious website.
3. If you click a link to a page, check if they prefill your email in the username box
If you get to the page (and let’s hope you won’t), you’re greeted with a request for login information. They try to make it look professional by automatically grabbing your email and prefilling it in the username box. In this case, they are phishing to get your login credentials. (The actual user’s email address was omitted for privacy.)
4. Think about whether the email is one you were expecting
Think about whether this is an email you were expecting or have gotten before. Phishing emails tend to be very generic in nature and unprompted. With more shopping being done online, it’s easy to look at these emails and think that the invoice, fax or tracking information is valid. That’s human nature, and it’s exactly what scammers are counting on to lure you in.
5. Beware of grammatical errors and different email formats
Grammatical errors should always be cause for pause. While copywriters and editors may make the occasional typo in their emails, companies that phishers try to imitate, like Amazon and MasterCard, can afford to hire good spellers. Emails formatted differently from the company’s usual messages are also warning signs. It’s one thing for a website or logo to get a facelift. It’s quite another for a company that would normally have purchase information in the body of the email to put it in a .zip attachment.
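Checks 1 and 2 above are mechanical enough to automate for mail triage. The following is an added example, not code from the article or from AppRiver: it parses a raw message, compares the real From domain with the company it claims to be, and compares the host shown in each link's text with the host the link actually points to. The sample message is constructed; littlebaja.com is the sender domain the article names, and invoice-login.example.net is an invented link target.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample after the article's ADP example: littlebaja.com is the
# sender domain the article names; the link target is invented.
SAMPLE = ('From: "ADP Billing" <billing@littlebaja.com>\nContent-Type: text/html\n\n'
          '<p>Invoice: <a href="http://invoice-login.example.net/adp">'
          'https://www.adp.com/invoices</a></p>\n')

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Hostname of a URL or bare domain ('www.' stripped); None if not URL-like."""
    host = urlparse(text if "://" in text else "http://" + text).hostname
    if not host or " " in host or "." not in host.strip("."):
        return None
    return host[4:] if host.startswith("www.") else host

def phishing_flags(raw, expected_domain):
    """Apply the article's checks 1 and 2 to a raw message; return the flags."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    # Check 1: the From address must really belong to the claimed company.
    sender = (msg["from"].addresses[0].domain if msg["from"] else "").lower()
    if sender != expected_domain and not sender.endswith("." + expected_domain):
        flags.append(f"from-domain:{sender}")
    # Check 2: the host shown in the link text must match the real target.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            shown, real = host_of(text), host_of(href)
            if shown and real and shown != real:
                flags.append(f"link-mismatch:{shown}->{real}")
    return flags
```

Link text that is not a URL or domain ("Log in here") cannot be compared this way, so the function only flags links whose visible text names a host that differs from the real one.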
Phishing usually works because we’ve developed predictable behaviors, like trusting a familiar logo, clicking a hyperlink and entering a password below our email address. To avoid being a victim, we need to develop new habits that include viewing each email with a skeptical eye, looking for tell-tale signs of a scam and never entering credentials on a questionable site.
Chris Burger is a cybersecurity specialist at AppRiver, which provides email messaging and web security solutions.