Were you expecting this email?
If you were expecting the email, it may be legitimate. However, do not rely on this fact alone as it may be just a coincidence. Is the email asking for non-public information or for you to perform a high-risk transaction?
Yes, yes, be very cautious. Confirm the validity of the email via an alternate method, such as calling the person or company directly. However, do not use information provided in the email, use well-known contact information. Is the email asking you to click on any links?
If yes, do not click on any links in the email until it is confirmed. In most cases, you could go directly to the system or website. For example, if you are requested to change a password, if you go directly to the system and the password change request was valid, the system would prompt you then. Does the email include attachments?
Be cautious of any attachments, especially any .ZIP, .EXE, or any abnormal extensions. If you believe the attachments are legitimate, and you get computer warnings or other messages, do not continue. You should contact your technology staff for guidance. Does the email content sound too good to be true?
Like the old cliché say, if it sounds too good to be true, it probably is not true. Be very cautious of any statements claiming you won money, trip, or anything of value. | 
