Phishing is an email scam designed to enable identity theft. A phishing email is a fraudulent request for personal information. The phisher usually claims to represent a well-known financial institution or other corporation. The email says it needs your password, Social Security number and a host of other items – usually enough to get credit cards in your name or in some cases rip money right out of existing accounts.

A good phishing email is hard to detect but many of them have telltale signs that give them away. Here are five suspicious things to look out for.

Account Verification Requests: In this common gambit, the email tells you that you need to verify your account information with a bank or other well-known company. Clicking on a link in the email (which you should never, ever do) takes you to a form that may look very authentic. Once who’ve filled it in, the information goes straight to a scam artist.

Fake Emergencies: Phishing email often uses alarmist language to get you to act before thinking. The email will tell you that you could be disqualified for insurance, or that the bank is going to close your account. If you are genuinely concerned about these things don’t bother with email; phone the institution directly. Keep in mind that in the vast majority of cases, any reputable institution will use paper mail and the phone if there really is a problem.

Sites You Don’t Use: One dead giveaway is when you get email from a company or institution you don’t even have a relationship with. If you don’t have an EBay account, you don’t have an “unpaid item dispute” with Ebay (that’s a common phishing email phrase, by the way). By the way, some phishing email includes a link if you are not the “intended recipient” to trick people even in these cases. Don’t click it.

Strange Language: Many phishing scams come from offshore fraud rings that don’t have the best English skills, and even domestic phishers rarely use expert copywriters. Typos and grammatical mistakes are common signs of phishing email.

Strange URLs: One challenge for phishers is that they don’t have access to legitimate domains. They use a number of tactics to try to convince you that you’ll click through to a legitimate site. These include registering typos of popular addresses (i.e. http://www.citigourp.com) and very long addresses that take advantage of the way email software cuts off they way they’re displayed, such as http://www.citigroup.com-23049857y3592-259630-3485762934857045670948670286286wklfh.com).

Track your financial transactions closely, too. Services like LifeLock can do this for you. Remember the core tip in any suspected phishing email: Never click on an email link.