4. Does the email contain links disguised to look official?

When it comes to hyperlinks check for the existence of an '@' symbol. If there's only one method of scam identification you remember then this might be the most important because this reveals exactly where any information you provide will actually end up.

Web browsers ignore anything that appears before http:// and an '@' symbol.

In the email above we see,

The '@' is almost hidden by the group of what would seem to be some kind of encoded information. This tells us that the actual web address the link leads to is actually

. This is not a HSBC website! da.ru URLs are infamous for their less than clean spam/scam record due to the free redirection service they offer to anyone and everyone.

The characters after the '?' are probably used to identify your email address as being valid. Often, spammers send unique, generated codes within emails and track their response. They know what codes went to which email addresses so if a particular URL with a unique code is visited then the email address that received that code is verified as a live target.

As an example, try this URL in your browser,