Q. I’ve received emails from my bank that I suspect are fraudulent, but I’m nervous about ignoring them. What should I do?

A. First, check the sender’s email address for misspellings. Fraudsters trying to lure you with a phishing scam might use an address that’s similar to a company’s official one, but not exactly the same. It’s not a foolproof tactic, though, because some crooks can completely “spoof” an email address. But you can be certain that a U.S.-based organization’s email address won’t include a domain extension from a different country (such as .ru for Russia or .br for Brazil). Many phishing attempts originate abroad, often from non-native English speakers, so poor spelling and awkward sentence structure in the body of the email could be another telltale clue.

Hovering your cursor over links in the email’s text will reveal a code showing where the link really leads. If it doesn’t include the company’s domain name before the first forward slash (/), don’t click on it. And last, if the email asks you to verify or provide personal information such as credit card and bank account numbers, your Social Security number, or passwords, it’s definitely a fraud, says the Federal Trade Commission. If you’re still in any doubt about whether the email is legit, reach your bank directly; check the contacts page on its website.

For more information, check our security software buying guide and Ratings.

Send your questions to ConsumerReports.org/askourexperts.

Editor's Note: This article also appeared in the September 2016 issue of Consumer Reports magazine.