Typically, a phishing email appears to come from a financial institution, a large company, a chain store, a social networking site, or a government agency. The messages try to mimic a legitimate site by using the same or similar colors, logos, fonts and layout. And they often include a link to a legitimate-looking but phony Web page that asks you to enter personal information. One tip-off that an email may be phishing is the use of phrases such as “Verify your account” and “Your account will be closed” if you don’t provide certain sensitive information such as login name and password. A legitimate business will never ask for such personal information via email. Promising big lottery winnings, prizes or other type of windfall if you pay money upfront is another common phishing scam. Misspellings, bad grammar, incorrect punctuation and awkward language—things you wouldn’t expect in a legitimate email message from a business or organization—are a tip-off that the message is phony. The best advice is to trust your instincts. Always contact the financial institutions and other companies you do business with directly, by phone or by typing the company’s URL (Web address) into your browser. Look for legitimate phone numbers on your billing statement or phone directory. And remember, if something appears too good to be true, it probably is.