According to Verizon Data Breach Investigations Report (DBIR) 2019, 94% of malware was delivered via email, so yes, phishing is a big deal. Other tips to spot a phishing email are:
1) Watch out for suspicious attachments. All emails with attachments should be treated with caution especially if they have an unfamiliar extension (.exe, .html, .zip, etc.)
2) Fake Reply-to address. Some phishing emails have a fictitious reply-to address, instead of “microsoft.com”, it may be “rnicrosoft.com” or “microsoft.something.com”. Note that it is very easy to fake a reply-to address.
Further, if you work in accounting or payments in your office, then you should beware of these subject lines as they are the top five subject lines for business email compromise (BEC) attacks:
1) Urgent
2) Request
3) Important
4) Payment
5) Attention
Finally, here are a few tips to stay safe from phishing:
1) Don’t click links you didn’t ask for. For example, if you’re expecting an email from a co-worker with a link to a service then that’s okay. Any email with a link you’re not expecting should be treated with caution. If you need to click the link, right-click and copy and paste it on the website below:
https://www.virustotal.com/gui/home/url
2) Don’t open Email attachments. If you received an email with an attachment you didn’t explicitly ask for, contact the sender(via phone or some other means).
3) Open emails from a web browser with an anti-phishing extension such as Phishdetector or Cyptonite.