An online phishing scam is an unethical and illegal method of obtaining someone’s credentials online through fraud. Whether it be by fooling you into revealing your username and password or tricking you into giving away your credit card number, phishers are criminals trying to take advantage of your lack of knowledge in regards to ensuring that you’re safe when transacting business online.

There are many ways a phisher can trick victims. These include scams and phishing schemes in which victims are encouraged to click a link that directs them to an illegitimate website; scams and phishing schemes in which victims are led to believe that they have won a prize or gift card when, in fact, victims will never receive anything if they follow instructions on the site; scams that involve credit cards or banking information phishers use to steal digital money from their targets; and scams or phishing schemes asking for other personal information such as social security numbers. What are the warning signs of an online phishing scam?

#1: An unexpected email from a company or person you do business with.

For example, if you don’t have an account with Citibank, you probably shouldn’t be getting emails from them. Likewise, if your IT department doesn’t normally contact you via your personal email address, be suspicious of any such emails that show up there.

#2: An email from a company or person you do not know is asking you to send sensitive or personal information in an email.

The message asks you to click on a link that takes you to a website where you’re asked for personal information. The link may look like it goes to the right place, but it doesn’t — it takes you instead to a phony site designed specifically to steal your password and other info. Instead of clicking on links in emails, go directly to the site in question yourself by typing the URL into your browser. For example, if you think one of your credit card companies has emailed you about suspicious activity on your account, type the credit card issuer’s name into the search box and click on its official site when it appears in the search results list.

#3: Any email that contains a threat or a demand for money.

There’s a sense of urgency and/or threats. Phishers want to scare people into acting quickly — and rashly. If an email claims your account will shut down unless you take immediate action (by sending money, clicking a link, opening an attachment, or replying to the message), it’s probably not legitimate. Likewise, if it accuses you of engaging in illegal activities and demands that you click on a link to prove your innocence, don’t do it.

#4: An email that contains misspellings, grammatical errors, or improper use of words in the message.

An email from a sender with poor spelling and grammar. Cybercriminals aren’t known for their impeccable writing skills. If you receive an email with misspellings, bad grammar, and/or punctuation errors (especially in official communications), it’s likely a phishing scam or malware attack.

#5: An unsolicited email with an attachment.

Hackers often send malicious attachments embedded in spam emails. If you receive an unsolicited attachment, even if it comes from someone you know, do not open it unless you can confirm that it is safe.

You can be vigilant against online phishing scams by knowing what to look out for. The more you know about online scams, the more expertly you will be able to deal with them if they should ever come your way, and the less likely it is that you will fall for one. By arming yourself with the knowledge of what to look out for and how to react, you’ll be better prepared in dealing with online phishing scams.