Phishing attacks try to steal your user credentials by sending you to fake websites.
Usually emails are used to trick you.
hotmail.com is not Microsoft's official corporate email.
Usually phishing mails will claim that immediate action is required.
Double exclamation marks, no spacing after commas and poor spelling.
Your email server sees a lot of technical information about the incoming message. If it thinks it is inauthentic, it will likely label it as spam. If you receive a seemingly legitimate message which was labeled as spam, be extra careful.
Even if a spam message is not a phishing scam, it is still detrimental to your organization.
It is therefore not necessary to explicitly differentiate between spam mails and phishing mails.
A legitimate business organization will never do this.
evil.com has nothing to do with the bank.
While the right name is included, this domain has nothing to do with the bank.
Casual observers may miss the n in bankofanerica.com.
Instead of your the url starting with https://
It starts with http://
Legitimate login forms will never be unencrypted.
Never continue if this warning is issued.
This is called a spear phishing attack, which is highly targeted against one specific person. Attackers perform research to learn about the names and activities of friends and coworkers to create a much more convincing phishing email.
Other messages look like they came from your friends or colleagues.
This is called social Phishing: the abuse of previously compromised email or social media accounts to then attack the victim's friends and colleagues.