1. Not even PDFs are safe. If you receive an attachment from an unknown sender, be wary. Even if your antivirus scanner reports the file safe, there could be macros embedded in the file that launch malware or Trojans, which let hackers see and control all your files and keystrokes. The only file type that is always safe to open is TXT.

2. Closely examine the URL. One clue that an email is malicious is if a company name in the URL is misspelled. But it’s not always easy to tell. An “r” next to an “n” looks a lot like an “m.” So make sure that the email in your inbox is actually from Microsoft not rnicrosoft.

3. Check the time. Was the email sent at an odd hour? If you receive an email from a friend or colleague at 4 a.m. and that seems out of character, look for other clues that the email is phony.

4. Don’t be fooled by urgency. If an email message demands immediate action, slow down and think. Take the time to verify the request. When in doubt, throw it out!

5. Hover over the link. Does the sender’s logo look legitimate but the email still seems fishy? Rest your mouse over hyperlinked words to see the actual URL. You might be surprised that it looks nothing like the address of a legitimate sender.