Be cautious of any email or website that asks for sensitive information and watch for these red flags before sharing information electronically.
Mistakes in grammar or spelling. Real organizations do mess up once in a while, but if the message is so full of errors your elementary school teacher wouldn't accept it, it's likely a scam.
Fishy to/from address. "From" addresses can be easily forged, so pay attention to the "To" field. Is your email address listed? If not, the message is likely a phishing attempt.
No personal information in the email. Most legitimate institutions have your information on file and will address you by name. A "Dear Valued Customer" salutation is suspect. However, phishers can mine public records and social networking sites for your personal details, so don't assume a message is safe just because it contains your name or other trivia.
Requests for personal information. Sensitive information such as passwords, bank account numbers, and social security numbers should NEVER be sent via email. CenturyLink, PayPal, and your bank are examples of companies that would never ask for personal information in an email.