What are signs of a phishing email?

Sender indicators: mismatched display name and address, unfamiliar or slightly wrong domains, unexpected senders for the content type, and authentication failures visible in headers.

Content indicators: urgency pressure ("act now or lose access"), threats ("account suspended"), requests for credentials or sensitive data, generic greetings ("Dear Customer"), and poor grammar or formatting inconsistent with claimed sender.

Technical indicators: suspicious links (hover to check), unexpected attachments, requests to enable macros or bypass security warnings, and landing pages requesting unusual information.