Even if a message passes the grammar and typo tests, pay attention to the links shown and where they actually point.
- On a PC this is easy – hover the mouse pointer over the link or email address, without clicking on it, and the email program will usually display a small popup showing the real address the link points to.
- If the displayed link is “Apple” but the popup shows something like “https://more.me/xdsd”, DO NOT CLICK. This one is obvious, so sometimes the fake link will at least try to add some text which resembles the displayed name. One should still avoid clicking, and if you want to check, go to a browser, and manually type in the correct URL of the purported site so you can verify it independently.
Security-aware users avoid clicking on links unless they are completely sure they are safe. Especially in emails, this can be difficult to verify, so visiting the correct site independently and proceeding from there is far safer. Any time there is a prompt to click a link in an email, or anywhere really, stop and consider whether it is safe. If that cannot be confirmed, find another way to respond to the supposed sender.