First of all, the biggest and most important message, and one I think every fraud agency should use, is that phishing emails have one fundamental thing in common: something to click, be that a link or an attachment. Clicking anything in an email is bad, even if it came from your friends, as people's email accounts can be easily hacked. What you should look for in that case is whether this is out of character for your friend. If so, don't click it.
Let's examine the most frequent phishing emails and how they persuade. Most phishing emails are designed to evoke visceral states. Visceral states are sexual arousal, hunger, greed, fear and so on. When we are under visceral influence, we are likely to bypass careful information processing and act without proper thinking, because we are acting on that visceral influence. When you are starving, you are likely to eat stuff you would reject otherwise; when you are scared of something, you will do anything to save yourself from danger; when you are attracted to someone, you will do anything to get them. So let's see the language used by phishing emails.
Those offering refunds
Who doesn't like getting refunds and money back? The offer of free money often puts one in a visceral state of excitement and greed, and this is precisely what the scammer wants. They want you to get excited enough at the prospect of free money to act straight away.
Who doesn't like a tax refund? Notice this one also has an expiration date, which will further influence you to act in the moment, fearful that you will miss a deadline.
Then there is a link you need to click. It will probably ask for your bank details so they can pay you. They give you 4 weeks so that you don't report anything for a while and they have time to scam you.
TV licence refund, anyone? When does that happen? Not even in your wildest dreams. There is a juicy link to boot - see how it stands out so you have no time to read anything else.
Those offering free prizes
Argos doesn't know my postcode - see how it is not specified? Also, you cannot see a link in this one that well, but I guarantee you that the yes and no buttons don't do anything, so you will have to click a link under them, confused that you cannot activate the buttons. Then they will ask you for details to give you the gift card, but trust me, you won't be buying anything from Argos's Elizabeth Duke collection.
Here is another one. Note again the two nice juicy links offering a prize package; all you have to do is confirm your details.
There is an added time limit to make you act in the moment in case you lose the deal - this is a known scamming and persuasion technique.
Good old malware types
Luckily, most virus software filters flag these, but note how they targeted me on my university email and made it very relevant - academics are likely to go to conferences. It asks you to note the date and time in the attachments, so in order to check what is going on, you would have to click on it.
Those preying on your fears
Here are a few examples of phishing emails that will induce panic and fear and make you want to sort out the problem as soon as possible.
You won't have time to notice the weird way this email is composed. Why would your account be limited? All you see is that something is wrong and that things will get worse in 24 hours if you don't click that button.
I still see advice such as 'hover over a link' to see if it is legitimate, but this is now outdated. Good scammers can fake everything: the link will give you the appearance of going to a legitimate place, and the email will seem fine. Look at this example - port.ac.uk is part of the email address for my university, and this was faked. Previously, when people clicked the attachment thinking it came from the university, the virus infected their address book, sending spam and scams to all their contacts - this time from their email.
The only reason why you would need to click a link in an email is if you subscribed to something that minute and need to verify your email, or you requested a password change and need to follow a link. Any unsolicited emails with links are probably not good news. Scammers cannot get to your details if you don't click links, but it helps to understand the psychological states the emails are designed to put you in so that you act against your best interests.
If you are worried about your accounts being compromised, call or log in from another source; never use a link.
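The advice above reduced to a triage check, as an added example that is not part of the original post: it lists what a message offers to click (links and attachments) and which of the pressure tactics described here its wording uses. The cue word lists, the `triage` function and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Cue word lists are assumptions drawn from the lure types this page describes.
CUES = {
    "refund": re.compile(r"\b(refund|rebate|money back)\b", re.I),
    "prize": re.compile(r"\b(prize|gift card|winner)\b", re.I),
    "fear": re.compile(r"\b(limited|suspended|locked|unusual activity)\b", re.I),
    "deadline": re.compile(r"\b(within \d+ (hour|day|week)s?|expires?)\b", re.I),
}
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message (not a real email); example.test is a placeholder.
SAMPLE = """\
From: IT Support <support@example.test>
Subject: Your account has been limited
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Restore access within 24 hours: <a href="https://login.example.test/restore">Confirm</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="conference_schedule.doc"

Y29uc3RydWN0ZWQ=
--b1--
"""

def triage(raw):
    """Return what is clickable in a raw message and which pressure cues it uses."""
    msg = message_from_string(raw)
    links, attachments, text = [], [], [msg.get("Subject", "")]
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():  # anything carrying a filename is an attachment
            attachments.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            body = (part.get_payload(decode=True) or b"").decode(
                part.get_content_charset() or "utf-8", "replace")
            links += LINK.findall(body)
            text.append(re.sub(r"<[^>]+>", " ", body))  # drop HTML tags
    joined = " ".join(text)
    cues = sorted(name for name, rx in CUES.items() if rx.search(joined))
    return {"links": links, "attachments": attachments, "cues": cues,
            "clickable": bool(links or attachments)}
```

A message can be clickable with no cues at all, which is why the click itself, not the wording, is the thing to refuse.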
Add me on Twitter for daily advice and stay scam safe.