You’ve heard of email phishing, spear-phishing (a message designed to target a specific person), and other cybercrime. But how do you protect your business and personal information from these attacks?

Ask yourself the following questions when reviewing or responding to email.

Is this email really from who I think it is?

Email scams often try to spoof an email or sender name that will be familiar to you. Check the email address for numbers that masquerade as letters (e.g., app1e.com versus apple.com) or sender names that don’t match the email address. If the sender name looks suspicious, independently verify the address of the person who supposedly sent the email and separately message them to check its authenticity.

Does something seem wrong with the message?

Suspicious attachments, links with no context, stilted or confusing sentences, or a suspicious level of urgency could all be signs of an email phishing attack. Phishing is designed to prey on human emotions—politeness, curiosity, wanting to help—requiring extra skepticism to evade. If something seems off, trust your gut.

Would this person really send something like this?

The best defense against falling for an email phishing scheme can often be picking up the phone and calling someone to verify the message.

“Cybercrime and wire fraud are the number-one threat to the real estate industry,” said Ronnie Matthews, chairman and principal of Great American Title Company. “We see threats every day. … We have to learn to use the phone again. If something looks odd, don’t click on it. Call the person.”